AWS Password Best Practices
Setting Password Parameters in AWS
To increase the resiliency of user passwords, you must enforce password best practices. Overly complex password parameters can be problematic, so it’s best to follow industry-accepted best practices. In AWS, we recommend that your IAM password policies require at least one lowercase letter, one uppercase letter, one number, one symbol, and a minimum length of 10 characters. When password policies are properly configured with appropriate parameters, you reduce the risk of compromised credentials.
For more information, see the AWS documentation on setting a password policy for IAM users.
Password policies are the perennial purview of security professionals everywhere. Many standards across many different verticals require that password complexity be enforced. AWS allows you to create custom password policies to enforce your complexity requirements. To create one, log in to the AWS Management Console, go to IAM, and open the “settings” section, where you can define your custom password policy. Recommended best practices define the length and complexity requirements that each password should meet. A minimum password length of 14 characters, using an upper and lowercase letter, a number, and a special character, is recommended. By enforcing these password policies, you can ensure your users choose strong passwords, which helps prevent a password from being compromised through a random brute-force attack.
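To check an account against these recommendations, the following added example (not from AWS or the original page) audits the JSON returned by `aws iam get-account-password-policy`. The function name, the constructed sample response, and the default minimum of 14 (the stricter of the two lengths mentioned above, adjustable to 10) are assumptions made for illustration.

```python
import json

# Boolean fields of the IAM PasswordPolicy structure that map to the
# character classes the article recommends.
REQUIRED_FLAGS = {
    "RequireLowercaseCharacters": "lowercase letter",
    "RequireUppercaseCharacters": "uppercase letter",
    "RequireNumbers": "number",
    "RequireSymbols": "symbol",
}


def audit_password_policy(response, min_length=14):
    """Return a list of findings; an empty list means the policy complies.

    `response` is the parsed JSON from `aws iam get-account-password-policy`,
    or None when the account has no custom policy (the API returns
    NoSuchEntity in that case).
    """
    policy = (response or {}).get("PasswordPolicy")
    if not policy:
        return ["no custom password policy is set for the account"]

    findings = []
    length = policy.get("MinimumPasswordLength", 0)
    if length < min_length:
        findings.append(f"minimum length is {length}, expected at least {min_length}")
    for field, label in REQUIRED_FLAGS.items():
        # A missing field is treated the same as False.
        if policy.get(field) is not True:
            findings.append(f"policy does not require a {label}")
    return findings


# Constructed sample response: length 10 and no symbol requirement.
SAMPLE = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 10,
                    "RequireSymbols": false,
                    "RequireNumbers": true,
                    "RequireUppercaseCharacters": true,
                    "RequireLowercaseCharacters": true}}
""")

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE) or ["policy complies"]:
        print(finding)
```
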