IAM Password policy should have requirement for at least one symbol in the password.
IAM account password policies should ensure that passwords content including a symbol.
Impact
Short, simple passwords are easier to compromise
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the AWS Management Console.
-
Select the “Services” option and search for IAM.
-
Scroll down the left navigation panel and choose “Account Settings” under “Access management”.
-
Under the “Password Policy” configuration panel scroll down and click on “Change password policy” button.
-
Under the “Password Policy” configuration panel scroll down and check the “Require at least one non-alphanumeric character (! @ # $ % ^ & * ( ) _ + - = { } | ‘)”. If the checkbox is not selected, then the password policy does not enforce the use of symbols in password.
-
Click on the checkbox next to “Require at least one non-alphanumeric character (! @ # $ % ^ & * ( ) _ + - = { } | ‘)” so “Password Policy” requires at least one symbol to make the password more strong and secure.
-
Click on the “Save changes” button to make the necessary changes.
-
Now “Password Policy” will enforce the use of symbols in password.