Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.
  • Recommended Mitigation

    Make sure you have password policy configured and edit the password policy to require passwords with length of 14 or more characters