Authentication

Password Policy does not Enforce Proper Minimum Length

Description

Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.
  • Recommended Mitigation

    Make sure you have password policy configured and edit the password policy to require passwords with length of 14 or more characters