Password Policy does not Enforce Proper Minimum Length

Risk Level

Informational (4)



Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.
  • Recommended Mitigation

    Make sure you have password policy configured and edit the password policy to require passwords with length of 14 or more characters