Authentication

Password policy does prevent password reuse

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Password Policy is the set of rules that defines the password a RAM user can choose. A password that has been used in the past may have been compromised in the past, and enlarges the chances to steal the credentials of a RAM user using credential public databases. The cloud account {CloudAccount} was found to have too weak policy.
  • Recommended Mitigation

    Review the password policy and require a password that was not used at the last 5 password changes. Read more: <a href="https://www.alibabacloud.com/help/doc-detail/116413.htm" target="_blank" rel="noopener noreferrer">https://www.alibabacloud.com/help/doc-detail/116413.htm</a>