The only way to set MFA OFF via CLI is to set phone as an alias

[warwickgrigg]

MFA is ON by default. (I would have expected OFF):

`awsmobile user-signin enable

enabled: user-signin backend awsmobile project enabled features: analytics, hosting, user-signin

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml mfa-configuration: ON`

If instead I go to advanced settings, de-select phone (I don't need it), it doesn't offer any MFA option, and MFA remains ON

`awsmobile user-signin enable --prompt

? Sign-in is currently disabled, what do you want to do next Go to advance settings ? Which sign-in method you want to configure Cognito UserPools (currently disabled) ? How are users going to login Email ? Password minimum length (number of characters) 8 ? Password character requirements

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml mfa-configuration: ON`

The only way to set MFA OFF is to set phone as an alias (only then is the MFA authentication question asked):

` awsmobile user-signin enable --prompt

? Sign-in is currently disabled, what do you want to do next Go to advance settings ? Which sign-in method you want to configure Cognito UserPools (currently disabled) ? How are users going to login Email, Phone number (required for multifactor authentication) ? MFA authentication disabled ? Password minimum length (number of characters) 8 ? Password character requirements

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml mfa-configuration: OFF `

This doesn't make sense. I suggest that:

• MFA should be OFF by default
• There should be a way to select the valid (and common) combination of no phone and MFA OFF

[elorzafe]

Hi @warwickgrigg

Thanks for your feedback, we found that enable MFA by default is a common use case. We will look for an alternative.

MFA shouldn't be enabled when phone is not selected. I will tag this as a bug

[UnleashedMind]

The latest update (v 1.0.13) should have resolved this issue.