Authentication

Password Policy does not Enforce Proper Minimum Length

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.

  • Recommended Mitigation

    Make sure you have password policy configured and edit the password policy to require passwords with length of 14 or more characters

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.