Many vulnerabilities take advantage of programming errors on the authentication page, related to users stored in relational data tables (SQL Injection ), as well as other vulnerabilities related to Broken Authentication
Use security services for the authentication of your customers such as Amazon Cognito so that your application has a secure context-based authentication, and with the option of adding multiple authentication factors, as well as a single sign on and federation from social networks (Amazon, Google, Facebook).
Amazon Cognito supports the following standards: SAML, OpenID Connect y OAuth2.0.
Multiple solutions from our partners are available in the AWS Marketplace such as:
An additional recommendation in risk reduction associated with customer authentication, is the use of AWS WAF Fraud Control Account Takeover Prevention (ATP), which intercepts malicious behaviors on the authentication page, such as the use of exposed credentials and Password guessing attempts.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html
Cognito:
Payment for use, the cost is according to the number of monthly active users (MAU).
Cognito has a free tier of 50,000 MAU for basic protection.
https://aws.amazon.com/cognito/pricing/
WAF ATP:
Account Takeover Prevention has a monthly fee of $10 and $1 per thousand login attempts analyzed
https://aws.amazon.com/waf/pricing/