MFA in Cognito: Two Options for Multi-Factor Authentication

MFA Options in Cognito


Question

Which of the following options could you use as MFA in Cognito? (Select two)

Answers

A. Google Authenticator
B. Cognito Identity Pool
C. SMS text message with MFA code
D. SES

Explanations

Correct answers: A and C.

Option A is CORRECT because Google Authenticator is a time-based one-time password (TOTP) service.

More details: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html.

Option B is incorrect because Cognito identity pool is used to provide credentials to users in a user pool in Cognito.

More details: https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html.

Option C is CORRECT because you can set up Cognito to send an authentication code via SMS after you submit your correct credentials.

More details: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html.

Option D is incorrect because SES is a service used to send emails.

More details: https://aws.amazon.com/ses/

The answer is A. Google Authenticator and C. SMS text message with MFA code.

Amazon Cognito supports multi-factor authentication (MFA) to help improve the security of your user sign-in process. Here's a brief explanation of each of the options:

A. Google Authenticator: It is a time-based one-time password (TOTP) authentication method that uses a secret key and a TOTP algorithm to generate unique codes that can be used as an additional factor for authentication. The Google Authenticator app can be installed on a user's mobile device, and it generates the TOTP codes without requiring a network connection.

B. Cognito Identity Pool: It is a secure and scalable authentication and authorization service that allows users to sign in with an identity provider (such as Amazon, Facebook, or Google) or with their own user credentials. However, it is not an MFA option.

C. SMS text message with MFA code: It sends a one-time password (OTP) to the user's mobile phone via SMS. The user enters the OTP into the sign-in page to complete the authentication process. This method is widely used but is considered less secure than other MFA methods because it is susceptible to SIM swapping attacks.

D. SES: Amazon Simple Email Service (SES) is a scalable and cost-effective email service that can be used to send transactional emails, marketing messages, or other types of content. It is not an MFA option.

In conclusion, options A and C are the correct answers for this question, as they are both supported MFA methods in Amazon Cognito.