By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How Cognito User Pool store password securely ?

0

What is the password-storing mechanism used by the Cognito user pool? i.e Hashing? SHA-256 hashing SHA-512 hashing PBKDF2 hashing

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
Indeewari
asked 4 months ago266 views
1 Answer
1

Hi,

Cognito Identity does not receive or store user credentials. Cognito Identity uses the token from the identity provider to obtain a unique identifier for the user.

Please. go to Cognito's FAQ: https://aws.amazon.com/cognito/faqs/#:~:text=Cognito%20Identity%20does%20not%20receive%20or%20store%20user%20credentials.

Q: When using public identity providers, does Amazon Cognito Identity store users’ credentials?

No, your app communicates directly with the supported public identity provider (Amazon, Facebook, Twitter,  Google, or an Open ID Connect-compliant provider) to authenticate users. Cognito Identity does not receive or store user credentials. Cognito Identity uses the token from the identity provider to obtain a unique identifier for the user and then hashes it using a one-way hash so that the same user can be recognized again in the future without storing the actual user identifier.

Best, Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content