IAM password policies should prevent reuse of previously used passwords

Description

IAM password policies can prevent the reuse of a given password by the same user. Preventing password reuse increases account resiliency against brute-force login attempts.

Console Remediation Steps

  • Navigate to IAM.

  • In the left navigation, select Account settings.

  • Check the Prevent Password reuse checkbox.

  • In the Number of passwords to remember field, enter 24.

  • Click the Apply password policy button.

CLI Remediation Steps

  • Set the number of passwords to remember to the highest possible value.

  • This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value.

      aws iam update-account-password-policy <other password options> --password-reuse-prevention 24
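Because the update is not partial, the `<other password options>` have to restate every setting already in force, or those settings fall back to defaults. The following is an added example (not part of the original guidance or of AWS tooling) that builds the full command from the JSON printed by `aws iam get-account-password-policy`; the sample policy and the helper name `build_update_command` are constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws iam get-account-password-policy` output (not a real account).
SAMPLE_POLICY_JSON = """
{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
  "RequireNumbers": true, "RequireUppercaseCharacters": true,
  "RequireLowercaseCharacters": false, "AllowUsersToChangePassword": true,
  "ExpirePasswords": true, "MaxPasswordAge": 90,
  "PasswordReusePrevention": 5, "HardExpiry": false}}
"""

# Policy fields that map to valued CLI options.
INT_FLAGS = {
    "MinimumPasswordLength": "--minimum-password-length",
    "MaxPasswordAge": "--max-password-age",
}
# Policy fields that map to --flag / --no-flag pairs.
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}


def build_update_command(policy_json, reuse=24):
    """Return argv that re-applies every current setting and sets reuse prevention."""
    if not 1 <= reuse <= 24:
        raise ValueError("password reuse prevention must be between 1 and 24")
    policy = json.loads(policy_json)["PasswordPolicy"]
    argv = ["aws", "iam", "update-account-password-policy"]
    for field, flag in INT_FLAGS.items():
        if field in policy:
            argv += [flag, str(policy[field])]
    for field, name in BOOL_FLAGS.items():
        if field in policy:  # emit the explicit --no- form so False is not left to defaults
            argv.append(("--" if policy[field] else "--no-") + name)
    # ExpirePasswords is derived from MaxPasswordAge and the old
    # PasswordReusePrevention value is replaced, so neither is copied.
    argv += ["--password-reuse-prevention", str(reuse)]
    return argv


if __name__ == "__main__":
    print(shlex.join(build_update_command(SAMPLE_POLICY_JSON)))
```

Review the printed command before running it, and compare `aws iam get-account-password-policy` output before and after to confirm that only the reuse value changed.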