recommended that this account have hardware MFA enabled.
Hardware MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they’re prompted for their user name and password and for an authentication code from their AWS MFA device.
Compromise of the root account compromises the entire AWS account and all resources within it.