Password complexity requirements can be enforced using password policies. IAM password policies can be used to ensure that the users’ passwords are at least a given length. It is recommended that the password policy requires a minimum password length of 14 characters.
Setting a password complexity policy increases account resiliency against brute force login attempts. If password length requirements are not enforced, users with smaller and weaker passwords become much more vulnerable to brute force attacks.
Accounts that can be brute forced provide access to attackers and consequently access to all data and resources within. In case of accounts with administrative access, this could mean the compromise of all resources, data, and even business intellectual property.
In this article we will see how to update IAM password policy.
Following are the steps to update IAM password policy in AWS to require minimum password length of 14 or greater:
Login to AWS Management Console
Navigate to IAM service
On the left panel of IAM dashboard, under Access Management, click on Account settings
Under Password Policy section we can see that the Minimum password length is 8 characters
To update this setting, click on Change
Under Enforce minimum password length, specify “14” characters
Click on Save changes
The Password Policy has been successfully updated
