IAM password policies should have a minimum length of 7 and include both alphabetic and numeric characters

Description

IAM password policies are used to enforce password complexity requirements and increase account resiliency against brute force login attempts. Password policies should require passwords to be at least 7 characters long and include both alphabetic and numeric characters.

Console Remediation Steps

  • Navigate to Identity and Access Management.

  • In the left navigation, select Account Settings.

  • In the Minimum password length field, enter 7.

  • Check Require at least one number.

  • Click Apply password policy.

CLI Remediation Steps

  • To update a password policy to have a minimum length of 7 and include both alphabetic and numeric characters:

    • [--minimum-password-length 7]

    • [--require-symbols]

    • [--require-numbers]