AWS cognito documentation change
Summary
Updated references from 'advanced security features' to 'Essentials or Plus feature tiers' for password reuse policy configuration
Security assessment
The change clarifies how to access existing security features (password reuse prevention) through different feature tiers rather than indicating a new vulnerability or fix. It maintains security documentation but doesn't address a specific newly discovered issue.
Diff
diff --git a/cognito/latest/developerguide/managing-users-passwords.md b/cognito/latest/developerguide/managing-users-passwords.md index bcc02bff7..e92de75cf 100644 --- a//cognito/latest/developerguide/managing-users-passwords.md +++ b//cognito/latest/developerguide/managing-users-passwords.md @@ -110 +110 @@ In a given hour, we allow between 5 and 20 attempts for a user to request or ent -Strong, complex passwords are a security best practice for your user pool. Especially in applications that are open to the internet, weak passwords can expose your users' credentials to systems that guess passwords and try to access your data. The more complex a password is, the more difficult it is to guess. Amazon Cognito has additional tools for security-conscious administrators, like [advanced security features](./cognito-user-pool-settings-threat-protection.html#cognito-user-pool-settings-threat-protection.title) and [AWS WAF web ACLs](./user-pool-waf.html#user-pool-waf.title), but your password policy is a central element of the security of your user directory. +Strong, complex passwords are a security best practice for your user pool. Especially in applications that are open to the internet, weak passwords can expose your users' credentials to systems that guess passwords and try to access your data. The more complex a password is, the more difficult it is to guess. Amazon Cognito has additional tools for security-conscious administrators, like [threat protection](./cognito-user-pool-settings-threat-protection.html#cognito-user-pool-settings-threat-protection.title) and [AWS WAF web ACLs](./user-pool-waf.html#user-pool-waf.title), but your password policy is a central element of the security of your user directory. @@ -116 +116 @@ You can configure your user pool to require a minimum password complexity that c -With advanced security features, you can also set a policy for password reuse. You can prevent a user from resetting their password to a new password that matches their current password or any of up to 23 additional previous passwords, for a maximum total of 24. +With the Essentials or Plus feature tiers, you can also set a policy for password reuse. You can prevent a user from resetting their password to a new password that matches their current password or any of up to 23 additional previous passwords, for a maximum total of 24. @@ -144 +144 @@ You can require at least one of the following characters in passwords. After Ama - 7. Set a value for **Prevent use of previous passwords** , if available. To use this feature, activate [advanced security features](./cognito-user-pool-settings-threat-protection.html#cognito-user-pool-settings-threat-protection.title) in your user pool. The value of this parameter is the number of previous passwords that a new password is prevented from matching when a user resets their password. + 7. Set a value for **Prevent use of previous passwords** , if available. To use this feature, choose the Essentials or Plus [feature tier](./cognito-sign-in-feature-plans.html) in your user pool. The value of this parameter is the number of previous passwords that a new password is prevented from matching when a user resets their password.