Dynata Protects 200 Websites Using Advanced Security Features of Amazon Cognito

Dynata is a global market research company with more than 70 million members in dozens of countries around the globe. The company collects marketing and preference data from people who opt in to member-based communities and fill out surveys on hundreds of websites, including many in global languages. However, threat actors from all over the world target Dynata websites with credential stuffing events to try to steal member rewards, which range in form from gift cards to cash. In a credential stuffing event, an unauthorized user gains access to someone’s username and password on one website and attempts to log on to other websites using the same credentials. “We see millions of fraud attempts a day,” says Cachón Guillén.

The company wanted a solution that offered advanced risk detection and automatic notice of credentials that have been inadvertently accessed. When it verified that Amazon Cognito would both improve the user experience and empower teams to implement robust security capabilities, Dynata began migrating its member accounts to Amazon Cognito in June 2023, and the implementation went smoothly—with virtually no disruption to customers. The company followed AWS recommendations to enhance security, including creating rules based on bad IP lists and adding captcha challenges when appropriate.

In addition, Dynata will be implementing AWS services during reward redemptions for near-real-time authentication in its verification services. “This will represent a substantial cost savings to Dynata, which currently uses a separate third-party service for this exercise” says Paul Hudson, senior vice president of engineering at Dynata.

Strong password protection is one of the advanced security features of Amazon Cognito that Dynata uses. When the customer IAM service detects a weak password, it automatically prompts the user to update it, which has strengthened the security of user data. “A significant number of our customers have already improved the strength of their credentials,” says Cachón Guillén. Moreover, Amazon Cognito automatically notifies customers when their credentials might have been inadvertently accessed on another website, substantially reducing the risk of cybercrime. “The advanced security features of Amazon Cognito represent one of the greatest benefits that it offers us,” says Cachón Guillén.

Although customers aren’t aware that their accounts are using a new authentication service, they have nonetheless benefited from automation. Using Amazon Cognito, Dynata reduced workflows to make it simpler and faster to sign on, saving about 5 seconds per log-on. More important, Dynata uses Amazon Cognito to keep customer information secure. “Using Amazon Cognito, we are maintaining the trust of our members,” says Cachón Guillén. Additionally, Dynata has greatly decreased the potential impact of credential stuffing events.

In tandem with Amazon Cognito, Dynata uses AWS Lambda—a serverless, event-driven compute service that businesses can use to run code for virtually any type of application or backend service—for custom authentication and password reset emails and to migrate accounts from its legacy system. It also used AWS Lambda to speed up its launch by enriching the Amazon Cognito JSON Web Token, which is a way to securely transmit information as a JSON object, with its legacy authentication token. “We wanted to launch as quickly as possible without reworking all of our APIs to read the Amazon Cognito JSON Web Token,” says Cachón Guillén. “That way, we use Amazon Cognito for authentication, but we still have compatibility with the domains that haven’t yet migrated.”

Dynata teams are happy to be migrating to Amazon Cognito with virtually no downtime. “Ever since we started using AWS, zero downtime has been our mantra,” says Cachón Guillén. “Because we have 200 websites, it wouldn’t be one instance of downtime, but 200.” The simplicity of using Amazon Cognito has saved Dynata 3 months of development and coordination work.

Dynata is migrating to Amazon Cognito incrementally to customize its authentication experience and branding for its 200 domains. After tackling its top four marketplaces in the first 3 months. Dynata plans to migrate all of its accounts to Amazon Cognito by the first quarter of 2024. “This was a very fast turnaround for the complexity that we have across 200 domains,” says Guillén.

Figure 1. High-level view showing password auth and custom auth via email signature