Amazon Cognito user pools now offer email as a multi-factor authentication (MFA) option

Amazon Cognito has expanded multi-factor authentication (MFA) functionality to include email as an additional factor. You now have a choice of delivering one-time passwords (OTP) using email, in addition to the preexisting support for text messages (SMS) and time-based one-time passwords (TOTP). You can enable email MFA either as part of the sign in process or as a challenge for adaptive authentication.

With Amazon Cognito, it’s easier to integrate authentication, authorization, and user management into your web and mobile apps. Amazon Cognito provides authentication for applications with millions of users and supports sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via standards such as SAML 2.0 and OpenID Connect.

This new feature is now available as part of Cognito advanced security features in all AWS Regions, except AWS GovCloud (US) Regions.

To get started, see the following resources:

Adding MFA to a user pool
Amazon Cognito advanced security features pricing

Source:: Amazon AWS