How to Modify Password Complexity in a Password Policy
Password Requirements for IAM Users
We recommend that AWS IAM password policies require at least one lowercase letter, one uppercase letter, one number, one symbol, and is at least 10 characters long. If your AWS administrator doesn’t set a custom password policy, then AWS will apply a default password policy that requires a minimum length of eight characters and a maximum of 128, a mix of character types, and cannot be identical to the AWS account name or email. In this demo, AWS expert Mike Wise will walk through how to view your current password policy and how to modify it.
- From the AWS Management Console, navigate to the IAM Dashboard.
- Click on Account Settings, which will bring up the Password Policy box. This box tells you what your current password policy requires of an AWS IAM user.
- To modify the policy, hit Change Password Policy. This brings you to a screen where you can edit your password policy requirements, including: minimum password length, uppercase letter, lowercase letter, number, non-alphanumeric character, password expiration period, reuse, etc.
For a visual guide on how to modify your password requirements, watch the full demo. To learn more about password policies for IAM users, read here.
So, we first need to log in to the AWS Management Console. Then, we need to search for “IAM.” Now, from the IAM policy screen, we need to look at a couple of things. We need to look at the account settings. In the “Account Settings,” this is where the password policy is going to be set. The “Password Policy” box is going to tell you a couple of different pieces of information. We’re going to look at the different things that you can assess in “Password Policy.” In this case, this one already has the policy set, but we are going to look at changing the policy so we can see what we can change. So, when we look at the password policy, we can see that there are a lot of different characteristics that can be enabled. We can enforce the minimum password length. In this case, the minimum password length is 10 characters. We’re going to require at least one uppercase letter from the Latin alphabet. We can also require at least one lowercase letter from the Latin alphabet, require at least one number, and require at least one non-alphanumeric character. We’ve also enabled the password expiration date. This is set to quarterly, every 90 days. We’re allowing users to change their own password and we’re preventing password reuse. This will ensure that the last 12 passwords cannot be remembered.