aws AWS What's New ·

Amazon Cognito adds support for importing users with password hashes

securityawsengineer
feature

Amazon Cognito now allows importing users with pre-existing password hashes via CSV, eliminating the need for immediate password resets. This feature enables users to sign in with their existing credentials upon import, improving the user experience during migration. It supports common hashing algorithms like bcrypt, scrypt, Argon2id, and PBKDF2, and is available in all AWS Regions where Cognito is offered.

  • Import users with password hashes via CSV
  • Support for multiple password hashing algorithms
  • Availability and getting started
Features (1)
  • Import users with password hashes via CSV

    Amazon Cognito now supports including password hashes in CSV user imports, allowing users to sign in immediately with their existing credentials. Previously, users had to reset their passwords upon first sign-in after CSV import.

Enhancements (1)
  • Support for multiple password hashing algorithms

    The feature supports importing password hashes generated by bcrypt, scrypt, Argon2id, and PBKDF2 with SHA-256. Imported hashes are cryptographically protected before storage by Amazon Cognito.

Notes (1)
  • Availability and getting started

    Password hash import is available in all AWS Regions where Amazon Cognito is offered. Users can begin using this feature via the AWS Management Console, CLI, or SDKs.

Read the original announcement →

https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-cognito-password-hash-import/

Related releases