AWS Security ChangesHomeSearch

AWS rekognition documentation change

Service: rekognition · 2025-07-04 · Documentation medium

File: rekognition/latest/dg/face-liveness-shared-responsibility-model.md

Summary

Added recommendations for additional security controls (geolocation, OTP) and guidance on challenge settings' security implications.

Security assessment

The changes provide enhanced security guidance but do not address a specific vulnerability. They document security best practices rather than fix an existing issue.

Diff

diff --git a/rekognition/latest/dg/face-liveness-shared-responsibility-model.md b/rekognition/latest/dg/face-liveness-shared-responsibility-model.md
index 7f343c46b..061494dc3 100644
--- a//rekognition/latest/dg/face-liveness-shared-responsibility-model.md
+++ b//rekognition/latest/dg/face-liveness-shared-responsibility-model.md
@@ -14,0 +15 @@ Security and Compliance is a shared responsibility between AWS and you, the cust
+  4. AWS recommends customers apply additional validation checks, such as location geolocation (e.g. based on IP), One Time Pass codes (OTPs) etc. in addition to Face Liveness that aligns with their use case requirements and security posture.
@@ -17,0 +19,3 @@ Security and Compliance is a shared responsibility between AWS and you, the cust
+
+The 'FaceMovementAndLightChallenge' setting delivers the highest accuracy for Rekognition Liveness by requiring users to move their face toward the screen and hold still for a series of flashing lights. We recommend that customers use this default setting. Alternatively, customers can enable the 'FaceMovementChallenge' setting, which reduces the check time by several seconds by eliminating the flashing lights. While 'FaceMovementAndLightChallenge' remains the best setting to maximize accuracy , 'FaceMovementChallenge' allows customers to prioritize faster liveness checks. When selecting between these settings, customers should consider their use case requirements including expected attack types, desired false accept and false reject rates, and also implement additional checks such as geolocation (e.g. based on IP), One Time Pass codes (OTPs), etc. Customers should make this decision after testing Liveness performance with various confidence score thresholds depending on their use case. Customers are responsible to implement controls to secure the device of which the video is sent from
+