Likelihood to Recommend Well Suited B2C mobile and web apps with a high number of users. Cheaper and cost-effective. If the other pieces of the infra are already using AWS services like Lambda, S3, Pinpoint, etc. Not Suited For: Advanced use-cases (Biometrics based authentication) Email, and other MFA channels. For any use-cases needing SCIM. Customized flows of SSO, and MFA will need a layer on Lambda and other AWS services. Read full review YubiKeys are incredibly effective for protecting against phishing attacks, as they require physical interaction and can't be remotely compromised. They're ideal for safeguarding high-value targets (executives, IT admins, those handling sensitive data), enhancing remote access security, and often help meet industry compliance regulations. However, the initial hardware cost may be a concern for large-scale deployments with many low-risk users. Users prone to losing small items or scenarios involving older, incompatible systems might pose logistical challenges. Nonetheless, YubiKeys remain robust when addressing phishing-based attacks and securing privileged accounts. Consider a targeted rollout balancing security gain against potential hardware costs and user needs.
Read full review Pros Strong integration with React.js and client-side applications Easy to bridge Cognito identities with the rest of the AWS ecosystem Easy to store user profile data directly in Cognito rather than having to build additional services/endpoints Easy integration with AWS Lambda to extend and add sophistication to the service Read full review Provides additional factors for authenticating against critical systems. Significantly reduces the chance of a successful phishing attempt. Can function as your primary credential for passwordless authentication. Extremely durable - I've had the same Yubikeys in use for years. Cross-platform - can be used on all mainstream operating systems and mobile devices. Read full review Cons Amazon Cognito has a bit of a learning curve. You need to learn its concepts and terminology. The documentation does not describe some topics comprehensively. Some Console screens would benefit from improved search and filtering options. When another AWS product (e.g., SageMaker) configures Cognito on your behalf, it is not clear what you're getting. For example, the expiration of a temporary password was configured but never communicated. Read full review I'd feel better if the key were a little more solidly built - it feels a little flimsy The design could also use a cap for the connection - I'm nervous having it on my key chain and users have mentioned the same concerns. There seems to be some cracks forming in the support for security keys which is starting to mitigate the usefulness across an entire ecosystem. Dave Brown Computer and Information Systems Manager
Read full review Usability All the features AWS Cognito offers gives the user the options they need without making it too complicated. Your customers will be happy. On the administration site usability is also great. After a small learning curve, you can setup Cognito for your usage
Read full review I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.
Read full review Reliability and Availability simple to use and keep on hand to deploy/use
Read full review Performance its instantaneous!
Read full review Support Rating AWS Support overall is poor. Your main resources are trainings and the docs, and the docs can be very confusing. Using Cognito well involves having a developer learn it deeply and help support your team in understanding it. That said, Cognito's competitors also have dismal support and even worse documentation, so while this isn't a strength for Cognito it may still be the frontrunner here.
Read full review Alternatives Considered They are ideal tools to create a secure and unique login experience for our applications. Thanks to its API authorization, Amazon Cognito ensures connections to applications that are secure.It is easy to use and provides easy access to files and applications that you need to complete your goal.
Read full review Duo and Yubico YubiKeys actually work very well together. We have chosen to use these two products together to make safe and secure MFA (including Passwordless) available to all users. The ease of use that Duo allows for both OTP import and WebAuthn enrollment makes it possible for modern and legacy applications to be protected by Duo MFA via Yubico YubiKeys as the second factor.
Read full review Scalability deployment is simple and the complex hardware is made simple.
Read full review Return on Investment ROI is great for Amazon Cognito Overall. It is included in the AWS Free Tier so you can use it for a good amount without paying, so the software can be tested beforehand. The paid pricing is also affordable, so a positive impact on ROI. Read full review It provides security that allows me to feel confident and peace of mind that my account is really hard to hack Easy ROI since it would be really expensive if my account were hacked It's easy and fast to use, so it doesn't slow me down when traveling. Read full review ScreenShots