AWS cognito high security documentation change
Summary
Added detailed table explaining MFA configuration impacts on passwordless authentication
Security assessment
Directly documents security feature behavior (MFA configuration impacts) that could prevent authentication vulnerabilities. Clarifies security implications of different MFA settings to prevent misconfigurations.
Diff
diff --git a/cognito/latest/developerguide/user-pool-settings-mfa.md b/cognito/latest/developerguide/user-pool-settings-mfa.md index c6b3453b5..cd1bff115 100644 --- a//cognito/latest/developerguide/user-pool-settings-mfa.md +++ b//cognito/latest/developerguide/user-pool-settings-mfa.md @@ -53,0 +54,10 @@ Before you set up MFA, consider the following: +The following table describes the effect of user pool MFA settings and user configuration of MFA factors on users' ability to sign in with passwordless factors. + +User pool MFA setting | User MFA status | Webauthn/OTP available | Prompted for MFA after password sign-in | Can sign in with WebAuthn/OTP +---|---|---|---|--- +Required | Configured | No | Yes | No +Required | Not configured | No | No (can't sign in) | No +Optional | Configured | Can set up WebAuthn but can't sign in with passkey | Yes | No +Optional | Not configured | Yes | No | Yes +Off | Any | Yes | No | Yes +