AWS cognito documentation change
Summary
Expanded MFA session duration description to include email MFA alongside SMS
Security assessment
Clarifies that the session duration setting applies to both SMS and email MFA, but this is a documentation accuracy improvement rather than a security feature addition or vulnerability fix.
Diff
diff --git a/cognito/latest/developerguide/authentication.md b/cognito/latest/developerguide/authentication.md index cf8da2343..ea4a3f36b 100644 --- a//cognito/latest/developerguide/authentication.md +++ b//cognito/latest/developerguide/authentication.md @@ -173 +173 @@ Amazon Cognito console - 3. Change the value of **Authentication flow session duration** to the validity duration that you want, in minutes, for SMS MFA codes. This also changes the amount of time that any user has to complete any authentication challenge in your app client. + 3. Change the value of **Authentication flow session duration** to the validity duration that you want, in minutes, for SMS and email MFA codes. This also changes the amount of time that any user has to complete any authentication challenge in your app client.