IAM Password policy should prevent password reuse.
IAM account password policies should prevent the reuse of passwords.
The account password policy should be set to prevent using any of the last five used passwords.
Impact
Password reuse increase the risk of compromised passwords being abused
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the AWS Management Console.
-
Select the “Services” option and search for IAM.
-
Scroll down the left navigation panel and choose “Account Settings” under “Access management”.
-
Under the “Password Policy” configuration panel scroll down and click on “Change password policy” button.
-
On the “Set password policy” page scroll down and check the “Prevent password reuse”. If the checkbox is not selected then the password policy does not prevent the reuse of password.
-
Click on the checkbox next to “Prevent password reuse” so “Password Policy” prevents reuse of the older passwords. Enter the “Number of passwords to remember” to 24.
-
Click on the “Save changes” button to make the necessary changes.
-
Now “Password Policy” will prevent reuse of the older passwords for all the IAM users.