IAM Password policy should have minimum password length of 14 or more characters.
IAM account password policies should ensure that passwords have a minimum length.
The account password policy should be set to enforce minimum password length of at least 14 characters.
Impact
Short, simple passwords are easier to compromise
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the AWS Management Console.
-
Select the “Services” option and search for IAM.
-
Scroll down the left navigation panel and choose “Account Settings” under “Access management”.
-
Under the “Password Policy” configuration panel scroll down and click on “Change password policy” button.
-
On the “Set password policy” page scroll down and check the “Enforce minimum password length”. If the password length is set less than 8 characters than the password security is at risk.
-
Mention the minimum characters required to 14 in the textbox. Click the checkbox against “Require at least one uppercase letter” and “Require at least one lowercase letter” to make the password more secure.
-
Click on the “Save changes” button to make the necessary changes.
-
Now “Password Policy” requires at least 14 characters with one uppercase and one lowercase character for a strong and secure password.