AWS Password Reuse Policy
Restricting Password Reuse in AWS IAM
When it comes to password practices, the human tendency is to reuse old passwords. This is a common security error that can be fixed within AWS IAM by enforcing a password reuse policy. Industry best practice is to ensure that IAM password policies prevent reuse of the last 24 passwords. Once you properly configure your password policy to prevent reuse, it will ensure that users generate new and unique passwords each time.
For more information about password resiliency, visit the AWS documentation on setting a password policy for IAM users.
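The same setting can be checked and corrected from a script instead of the console. The following is an added example, not code from AWS or from this page: the function names and the sample policy are illustrative, and the live call assumes boto3 and IAM credentials. Because `update_account_password_policy` replaces the whole policy rather than patching it, the fix carries the existing settings forward.

```python
REQUIRED_REUSE = 24  # target from the text above; also the maximum IAM accepts

# Parameters accepted by update_account_password_policy. The get call also
# returns ExpirePasswords, which is read-only and must not be sent back.
UPDATABLE_KEYS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)

# Constructed sample in the shape of get_account_password_policy()["PasswordPolicy"].
SAMPLE_POLICY = {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "AllowUsersToChangePassword": False, "ExpirePasswords": True,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 5,
}


def reuse_finding(policy):
    """Return (compliant, message) for a PasswordPolicy dict (None = no policy)."""
    if policy is None:
        return False, "no account password policy is set"
    remembered = policy.get("PasswordReusePrevention")
    if not remembered:
        return False, "password reuse prevention is not enabled"
    if remembered < REQUIRED_REUSE:
        return False, f"only the last {remembered} passwords are remembered"
    return True, f"last {remembered} passwords are remembered"


def remediation_kwargs(policy):
    """Build update arguments that keep current settings and set reuse to 24."""
    # Falsy values equal the API defaults, and 0 is below the accepted range
    # for MaxPasswordAge, so omitting them leaves the policy unchanged.
    kwargs = {k: v for k, v in (policy or {}).items() if k in UPDATABLE_KEYS and v}
    kwargs["PasswordReusePrevention"] = REQUIRED_REUSE
    return kwargs


def audit_and_fix(apply=False):
    """Check the live account and, if apply is set, correct the policy."""
    import boto3  # imported here so the helpers above work without it
    iam = boto3.client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None
    compliant, message = reuse_finding(policy)
    if not compliant and apply:
        iam.update_account_password_policy(**remediation_kwargs(policy))
    return compliant, message
```

Run `audit_and_fix()` first to report only; pass `apply=True` once the reported state has been reviewed.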
Transcription
One of the most common things I see as a security professional is that passwords are reused across multiple platforms. One of the things you can do within your environment in AWS is ensure that passwords that were previously used are not able to be used by users again. You can do this by generating an AWS Identity and Access Management password policy. Log into your AWS Management Console, go to the IAM settings, and then enforce a password history. CIS best practices state that users should not be able to use the same password that was used in the last 24 passwords. By doing this, you make sure your users are generating new and unique passwords each time. This ensures that if a password was compromised in the past, it is not reused.