How to update IAM password policy to require minimum password length of 14 or greater

Introduction

Password complexity requirements can be enforced using password policies. IAM password policies can be used to ensure that the users’ passwords are at least a given length. It is recommended that the password policy requires a minimum password length of 14 characters.

Setting a password complexity policy increases account resiliency against brute force login attempts. If password length requirements are not enforced, users with smaller and weaker passwords become much more vulnerable to brute force attacks.

Accounts that can be brute forced provide access to attackers and consequently access to all data and resources within. In case of accounts with administrative access, this could mean the compromise of all resources, data, and even business intellectual property.

In this article we will see how to update IAM password policy.

Update IAM password policy

Following are the steps to update IAM password policy in AWS to require minimum password length of 14 or greater:

1. Login to AWS Management Console

2. Navigate to IAM service

   

3. On the left panel of IAM dashboard, under Access Management, click on Account settings

   

4. Under Password Policy section we can see that the Minimum password length is 8 characters

   

5. To update this setting, click on Change

   

6. Under Enforce minimum password length, specify “14” characters

   

7. Click on Save changes

   

8. The Password Policy has been successfully updated