The only way to set MFA OFF via CLI is to set phone as an alias

[warwickgrigg]

MFA is ON by default. (I would have expected OFF):

`awsmobile user-signin enable

enabled: user-signin
backend awsmobile project enabled features:
analytics, hosting, user-signin

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml
mfa-configuration: ON`

If instead I go to advanced settings, de-select phone (I don't need it), it doesn't offer any MFA option, and MFA remains ON

`awsmobile user-signin enable --prompt

? Sign-in is currently disabled, what do you want to do next Go to advance settings
? Which sign-in method you want to configure Cognito UserPools (currently disabled)
? How are users going to login Email
? Password minimum length (number of characters) 8
? Password character requirements

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml
mfa-configuration: ON`

The only way to set MFA OFF is to set phone as an alias (only then is the MFA authentication question asked):

`
awsmobile user-signin enable --prompt

? Sign-in is currently disabled, what do you want to do next Go to advance settings
? Which sign-in method you want to configure Cognito UserPools (currently disabled)
? How are users going to login Email, Phone number (required for multifactor authentication)
? MFA authentication disabled
? Password minimum length (number of characters) 8
? Password character requirements

$ grep mfa awsmobilejs/backend/mobile-hub-project.yml
mfa-configuration: OFF
`

This doesn't make sense. I suggest that:

• MFA should be OFF by default
• There should be a way to select the valid (and common) combination of no phone and MFA OFF

[elorzafe]

Hi @warwickgrigg

Thanks for your feedback, we found that enable MFA by default is a common use case. We will look for an alternative.

MFA shouldn't be enabled when phone is not selected. I will tag this as a bug

[UnleashedMind]

The latest update (v 1.0.13) should have resolved this issue.