IAM password policies should require a minimum length of 14

Description

It is recommended that an enterprise’s password policy require a password length of at least 14 characters. Setting a password complexity policy increases account resiliency against brute force login attempts.

Console Remediation Steps

• Navigate to IAM Account Settings.

• In the Minimum password length field, set it to 14 or greater.

• Click the Apply password policy button.

CLI Remediation Steps

• Set password policy to require at least one number.

• This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value. aws iam update-account-password-policy <other password options> --require-numbers

Documentation Links

• Setting a Password Policy (Console)

• Setting a Password Policy (CLI)