AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2026-05-31 · Documentation low

File: cognito/latest/developerguide/user-pool-settings-mfa.md

Summary

Updated error icon references with descriptive alt text

Security assessment

Purely cosmetic/image reference change. Doesn't alter MFA security documentation content or address vulnerabilities.

Diff

diff --git a/cognito/latest/developerguide/user-pool-settings-mfa.md b/cognito/latest/developerguide/user-pool-settings-mfa.md
index f9b5d24d6..ac02d86c2 100644
--- a//cognito/latest/developerguide/user-pool-settings-mfa.md
+++ b//cognito/latest/developerguide/user-pool-settings-mfa.md
@@ -220 +220 @@ The following list corresponds to the numbering in the decision logic diagram an
-  6. If the user has only an email address or only a phone number, determine whether that attribute is also the method the user pool implements to send account-recovery messages for password reset. If true, they can't complete sign-in with MFA required and Amazon Cognito returns an error. To activate sign-in for this user, you must add a non-recovery attribute or register a TOTP authenticator for them.  ![](/images/cognito/latest/developerguide/images/error.png)
+  6. If the user has only an email address or only a phone number, determine whether that attribute is also the method the user pool implements to send account-recovery messages for password reset. If true, they can't complete sign-in with MFA required and Amazon Cognito returns an error. To activate sign-in for this user, you must add a non-recovery attribute or register a TOTP authenticator for them.  ![Red circle with white X icon indicating error or deletion.](/images/cognito/latest/developerguide/images/error.png)
@@ -228 +228 @@ The following list corresponds to the numbering in the decision logic diagram an
-    4. If they don't have an attribute that's eligible for an enabled email or SMS MFA factor, determine whether TOTP MFA is enabled. If TOTP MFA is disabled, they can't complete sign-in with MFA required and Amazon Cognito returns an error. To activate sign-in for this user, you must add a non-recovery attribute or register a TOTP authenticator for them.  ![](/images/cognito/latest/developerguide/images/error.png)
+    4. If they don't have an attribute that's eligible for an enabled email or SMS MFA factor, determine whether TOTP MFA is enabled. If TOTP MFA is disabled, they can't complete sign-in with MFA required and Amazon Cognito returns an error. To activate sign-in for this user, you must add a non-recovery attribute or register a TOTP authenticator for them.  ![Red circle with white X icon indicating error or deletion.](/images/cognito/latest/developerguide/images/error.png)