diff --git a/src/pages/[platform]/build-a-backend/auth/concepts/multi-factor-authentication/index.mdx b/src/pages/[platform]/build-a-backend/auth/concepts/multi-factor-authentication/index.mdx
index 9fa4327f8f9..062e1bd2786 100644
--- a/src/pages/[platform]/build-a-backend/auth/concepts/multi-factor-authentication/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/concepts/multi-factor-authentication/index.mdx
@@ -881,6 +881,8 @@ export const auth = defineAuth({
 mode: 'OPTIONAL',
 email: true,
 },
+ // BE SURE TO PICK A RECOVERY OPTION APPROPRIATE FOR YOUR APPLICATION.
+ accountRecovery: "EMAIL_AND_PHONE_WITHOUT_MFA",
 senders: {
 email: {
 fromEmail: 'noreply@example.com',
@@ -920,15 +922,10 @@ Once you have setup email as your second layer of authentication with MFA as sho
 In order to send email authentication codes, the following prerequisites must be met:
 - Cognito must be configured to send emails using [Amazon Simple Email Service (Amazon SES)](/[platform]/build-a-backend/auth/moving-to-production/#email).
-- [Advanced Security Features (ASF)](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) must be enabled in your user pool.
 - If account recovery is enabled in Cognito, the delivery method for recovery messages cannot be set to `Email only`
-
-Additional pricing applies for ASF. [Learn more about Amazon Cognito pricing](https://aws.amazon.com/cognito/pricing/)
-
-
 ### Enable EMAIL MFA during sign-up
 You will need to pass `email` as a user attribute to enable email MFA for your users during sign-up. However, if the primary sign-in mechanism for your Cognito resource is already `email` (without enabling `username`), then you do not need to pass it as an attribute.
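Review bot: The comment added above `accountRecovery` in the first hunk tells the reader to choose a recovery option but gives no criterion, and in a sample that enables email MFA the criterion is security-relevant. The prerequisites further down this page say recovery delivery cannot be `Email only`, and as far as I know `EMAIL_AND_PHONE_WITHOUT_MFA` still tries email first, so the same mailbox would receive both the password-reset code and the second factor; that should be confirmed against the Cognito documentation and stated. I would replace the upper-case line with `// Email MFA rules out email-only recovery; email-first recovery still puts password reset and the MFA code in one mailbox.` The new value also uses double quotes where the surrounding sample uses single quotes (`'OPTIONAL'`), so `accountRecovery: 'EMAIL_AND_PHONE_WITHOUT_MFA',` would match. The `defineAuth` call starts and ends outside the hunk.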