The AWS Cognito product enables developers to build web or API based applications without worrying about authentication and authorisation.
When setting up an applications authentication I try to keep in mind a few goals:
Keep my users data as safe as possible. Try and find something which is standards based, or supports integrating with standard protocols such as openid, oauth2 and SAML. Evaluate the authentication flows I need and avoid increasing scope and risk.