Updated on 2024-10-15 GMT+08:00

Password Strength Check

Rule Details

Table 1 Rule details

| Parameter | Description |
| --- | --- |
| Rule Name | iam-password-policy |
| Identifier | iam-password-policy |
| Description | If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.users |

Configure Rule Parameters

pwdStrength: indicates the password strength. Values include Strong, Medium, and Low. The default value is Strong.

NOTE:

Password strength:

  • Strong: A password contains 8 to 32 characters and must include at least three character types among uppercase letters, lowercase letters, digits, special characters, and spaces.
  • Medium: A password contains 8 to 32 characters and two character types among uppercase letters, lowercase letters, digits, special characters, and spaces.
  • Low: A password contains 8 to 32 characters, all of the same type. The character type can be uppercase letters, lowercase letters, digits, special characters, or spaces.

Applicable Scenario

This rule allows you to detect passwords that do not meet the specified password strength requirements. For more details, see Set a Strong Password Policy.

Solution

You can modify noncompliant passwords. For details, see Changing the Login Password of an IAM User.

Rule Logic

  • If an IAM user does not have a password configured, this user is compliant.
  • If an IAM user is in the disabled state, this user is compliant.
  • If an IAM user is in the enabled state and their password meets the specified strength requirements, this user is compliant.
  • If an IAM user is in the enabled state and their password does not meet the specified strength requirements, this user is noncompliant.
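
The strength levels in the NOTE and the four Rule Logic cases can be combined into one evaluation, shown here as an added example that is not the service's own code. The user record shape, the function names, treating any other character as "special", and reading "meets" as "at least as strong as pwdStrength" are assumptions.

```python
import string

LEVELS = {"Low": 1, "Medium": 2, "Strong": 3}

def char_types(password):
    """Return the set of character types present (the five types in the NOTE)."""
    types = set()
    for ch in password:
        if ch == " ":
            types.add("space")
        elif ch in string.ascii_uppercase:
            types.add("upper")
        elif ch in string.ascii_lowercase:
            types.add("lower")
        elif ch in string.digits:
            types.add("digit")
        else:
            types.add("special")  # assumption: everything else is "special"
    return types

def classify(password):
    """Map a password to Strong/Medium/Low, or None if length is outside 8-32."""
    if not 8 <= len(password) <= 32:
        return None
    n = len(char_types(password))
    return "Strong" if n >= 3 else "Medium" if n == 2 else "Low"

def evaluate(user, pwd_strength="Strong"):
    """Apply the Rule Logic cases to one user record (hypothetical dict shape)."""
    if user.get("password") is None:   # no password configured
        return "compliant"
    if not user.get("enabled", True):  # user is in the disabled state
        return "compliant"
    level = classify(user["password"])
    # Assumption: "meets" means at least as strong as the pwdStrength parameter.
    if level is not None and LEVELS[level] >= LEVELS[pwd_strength]:
        return "compliant"
    return "noncompliant"

# Constructed sample records, not real data.
USERS = [
    {"name": "no-password", "enabled": True, "password": None},
    {"name": "disabled", "enabled": False, "password": "abcdefgh"},
    {"name": "one-type", "enabled": True, "password": "abcdefgh"},
    {"name": "three-types", "enabled": True, "password": "Abcd 1234"},
]

if __name__ == "__main__":
    for u in USERS:
        print(u["name"], evaluate(u))  # default pwdStrength is Strong
```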