Amazon Cognito Introduces Passwordless Authentication – but its built-in flows come with limitations

The Passwordless Update: What’s New

On November 22, 2024, Amazon Cognito announced support for passwordless authentication, enabling users to sign in with passkeys, email one-time passwords (OTPs), or SMS OTPs through Cognito’s Managed Login UI.

This is a significant update, bringing passwordless options directly into Cognito's ecosystem without requiring custom workarounds. It's ideal for businesses already using AWS services that want to stay within the AWS ecosystem while adopting passwordless authentication for their login screen without major engineering effort.

Beyond Login Protection

While Cognito handles basic login security, businesses often need protection beyond just the front door. This is where Authsignal comes in.

When someone's already logged in but tries to transfer money, change account details, or access sensitive data, Authsignal provides the extra security checks you need without the heavy engineering lift.

Building these advanced protections in AWS requires significant engineering work. You'd need to create systems for:

• Extra verification when someone attempts risky actions
• Re-authentication for sensitive transactions
• Advanced fraud detection and observability
• Flexible security flows that match your specific business needs

Instead of your engineering team spending months building complex authentication systems, you can simply extend AWS Cognito’s functionality with Authsignal - unlocking enterprise-grade security features without the headaches.

‍

‍

How Authsignal Elevates Cognito

Authsignal enhances Cognito by adding the advanced authentication capabilities you need without burdening your engineering team:

• Secure the Entire Journey - Add checks for sensitive actions, not just logins.
• Step-Up Authentication - Verify identities before high-stakes moves like payments or data changes.
• More Ways to Authenticate - Go beyond SMS and email with WhatsApp OTP, biometrics, push notifications, and magic links.
• Cut Costs - Swap expensive SMS OTPs for alternatives like WhatsApp, leveraging its 3 billion+ users.
• No-Code Flexibility - Use our no-code rules engine to configure policies.‍
• Native Mobile App Support - Mobile SDKs to make it easy to integrate passkeys and other passwordless authentication methods into your mobile apps for a fully native experience.

Quick Integration

Authsignal works seamlessly with both Cognito's Managed Login UI and custom Lambda-triggered workflows.

• Pre-Built UI: Drop Authsignal’s low-code flows into Cognito’s hosted UI for instant passwordless options like passkeys or WhatsApp OTP.
• Client SDKs: For full control, use Authsignal’s SDKs (web, iOS, Android, React Native, Flutter) to craft custom UIs. Add features like biometric sign-in to native apps with just a few lines of code.

Cognito + Authsignal: Better Together

AWS Cognito’s passwordless authentication is a great step toward modern authentication, enhancing both security and user experience. Authsignal makes it exceptional by adding flexibility, advanced security features, and deeper user insights.

Ready to enhance your authentication strategy? Explore Authsignal’s Cognito integration or schedule a demo to see Authsignal in action.