IAM password policies should prevent reuse of the four previously used passwords

Description

IAM password policies should prevent users from reusing any of their previous 4 passwords. Preventing password reuse increases account resiliency against brute-force login attempts.

Console Remediation Steps

  • Navigate to Identity and Access Management.

  • In the left navigation, select Account Settings.

  • Check Prevent password reuse.

  • In Number of passwords to remember, enter 4.

  • Click Apply password policy.

CLI Remediation Steps

  • Set number of passwords to remember to 4.

  • The update-account-password-policy operation does not support partial updates. No parameters are required, but any parameter you do not specify reverts to its default value, so pass the password options already in effect in the same call.

    • aws iam update-account-password-policy <other password options> --password-reuse-prevention 4
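
Because omitted parameters revert to their defaults, the `<other password options>` placeholder has to be filled from the policy currently in effect. The following is an added example, not part of the original page: it turns the JSON printed by `aws iam get-account-password-policy` into the full update command. The function name, the sample policy, and the choice to keep an existing reuse value higher than 4 are assumptions of this example.

```python
import json
import shlex
import sys

# Response field -> CLI flag stem, for the boolean settings of the policy.
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
# Response field -> CLI flag, for the integer settings other than reuse prevention.
# ExpirePasswords is read-only (derived from MaxPasswordAge), so it has no flag.
INT_FLAGS = {
    "MinimumPasswordLength": "--minimum-password-length",
    "MaxPasswordAge": "--max-password-age",
}


def build_update_args(response, remember=4):
    """Return argv that re-applies the current policy with reuse prevention set."""
    policy = response.get("PasswordPolicy", {})
    argv = ["aws", "iam", "update-account-password-policy"]
    for field, flag in INT_FLAGS.items():
        if field in policy:  # a field absent from the response is already at its default
            argv += [flag, str(policy[field])]
    for field, stem in BOOL_FLAGS.items():
        if field in policy:
            argv.append(("--" if policy[field] else "--no-") + stem)
    # Assumption of this example: never lower a stricter existing value.
    current = policy.get("PasswordReusePrevention", 0)
    argv += ["--password-reuse-prevention", str(max(current, remember))]
    return argv


# Constructed sample of `aws iam get-account-password-policy` output.
SAMPLE = json.loads("""{"PasswordPolicy": {"MinimumPasswordLength": 14,
  "RequireSymbols": true, "RequireNumbers": true,
  "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true,
  "AllowUsersToChangePassword": true, "ExpirePasswords": true,
  "MaxPasswordAge": 90, "HardExpiry": false}}""")

if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to see the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print(shlex.join(build_update_args(data)))
```

Review the printed command before running it, then confirm the result with `aws iam get-account-password-policy`.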