I am curious if it is possible to prevent a user from re-using their password (or previous n passwords) in AWS Cognito. It seems like this would be a feature, but I don't see it in the documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-policies.html).
It is possible with IAM (https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html).
The default setting is 7 days, measured from the time when an administrator or the user creates the account. The maximum setting is 365 days. After the account expires, the user can't log in to the account until you update the user's profile. To do this, update an attribute or resend the password to the user.
Cognito Identity does not receive or store user credentials. Cognito Identity uses the token from the identity provider to obtain a unique identifier for the user and then hashes it using a one-way hash so that the same user can be recognized again in the future without storing the actual user identifier.
By default, the refresh token expires 30 days after your application user signs into your user pool.
The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
First of all, the AWS Cognito User Pools password policy and the AWS IAM user password policy are two different things. Although the IAM user password policy allows configuring password change enforcement, it's not available with AWS Cognito yet.
Currently, you can only configure the following attributes for the password.
In addition, you can configure MFA.
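Since the user pool itself offers no password-history setting, the usual workaround is to enforce "no reuse of the last n passwords" in the application layer that fronts the Cognito password-change calls. The following is an added example, not code from the question, the answer, or AWS: it keeps a salted scrypt hash of each user's previous passwords in a separate store (here a constructed in-memory dict; a real deployment would use DynamoDB or similar), refuses a candidate that matches any of the last n, and only then hands off to the Cognito call. The `cognito_change` callable and the `_HISTORY` store are hypothetical stand-ins so the block runs offline.

```python
import hashlib
import hmac
import os
from collections import deque

# Hypothetical in-memory history store keyed by Cognito username (constructed for this
# example; production code would use a separate durable store, not the user pool).
_HISTORY: dict[str, deque] = {}

HISTORY_DEPTH = 5  # reject reuse of the last n passwords

# scrypt parameters: a deliberately slow hash so a leaked history store is still
# expensive to crack; 128 * N * r bytes of memory per hash (16 MiB here).
_SCRYPT_N, _SCRYPT_R, _SCRYPT_P = 2 ** 14, 8, 1


def _hash(password: str, salt: bytes) -> bytes:
    """Salted scrypt digest of the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=_SCRYPT_N, r=_SCRYPT_R, p=_SCRYPT_P, dklen=32)


def is_reused(username: str, candidate: str) -> bool:
    """True if candidate matches any of the user's last HISTORY_DEPTH passwords."""
    for salt, digest in _HISTORY.get(username, ()):
        # constant-time comparison so timing does not reveal a partial match
        if hmac.compare_digest(_hash(candidate, salt), digest):
            return True
    return False


def record_password(username: str, password: str) -> None:
    """Append a fresh salted hash; the bounded deque drops the oldest entry."""
    salt = os.urandom(16)
    history = _HISTORY.setdefault(username, deque(maxlen=HISTORY_DEPTH))
    history.append((salt, _hash(password, salt)))


def change_password(username: str, old: str, new: str, cognito_change=None) -> bool:
    """Gate the Cognito ChangePassword call behind the history check.

    cognito_change is a hypothetical callable standing in for the boto3 call
    cognito-idp ChangePassword(PreviousPassword=old, ProposedPassword=new,
    AccessToken=...); it defaults to None so this example runs offline.
    Returns False (and makes no Cognito call) when the new password is a reuse.
    """
    if is_reused(username, new):
        return False
    if cognito_change is not None:
        cognito_change(old, new)  # the real API raises on failure
    record_password(username, new)
    return True
```

Two caveats a practitioner should keep in mind. First, record the password at sign-up (and on admin resets) as well, or the current password is never in the history. Second, this check only holds if every password change goes through your backend: Cognito's ChangePassword and ConfirmForgotPassword are callable directly by a client holding the user's access token or confirmation code, so a client that talks to Cognito itself bypasses the check.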