Authentication

IAM password policy does not meet OCI complexity requirements

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are at least a certain length and are composed of certain characters. It was detected that the IAM password policy {OciAuthenticationPolicy.PasswordPolicy} does not meet OCI complexity requirements - minimum password length of 14 characters and non-alphabetic character (number or special character).
  • Recommended Mitigation

    It is recommended to edit the password policy to require a minimum password length of 14 characters and contain 1 non-alphabetic character (number or special character).