AWS Password Policy Prevents Password Reuse

This policy validates that the account password policy prevents users from reusing previous passwords, and that it prevents reuse of 24 or more prior passwords.

Preventing password reuse means that when passwords are rotated, they are changed to new passwords. This is considered security best practice: if users constantly switch between a small number of passwords, then when one is compromised, the password reset will not prevent its use for long, effectively negating the effect of enforcing regular password resets.

Remediation

To remediate this, set the account password policy to prevent password reuse, and set the number of passwords to remember to 24 or more.
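One way to run this check and prepare the remediation with boto3, as an added example that is not part of the original policy documentation. The function names are hypothetical, and the update is left as a dry run because `update_account_password_policy` replaces the whole policy, so any setting not passed reverts to its default.

```python
REQUIRED_HISTORY = 24  # threshold stated on this page

# Settings that update_account_password_policy accepts. The Get response also
# carries read-only fields (for example ExpirePasswords) that must be dropped.
UPDATE_FIELDS = {
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
}

def evaluate(policy):
    """Return (compliant, reason); policy is the PasswordPolicy dict or None."""
    if policy is None:
        return False, "no account password policy is set"
    remembered = policy.get("PasswordReusePrevention")  # absent when disabled
    if remembered is None:
        return False, "password reuse prevention is not enabled"
    if remembered < REQUIRED_HISTORY:
        return False, f"remembers {remembered} passwords, needs {REQUIRED_HISTORY}"
    return True, f"remembers {remembered} passwords"

def remediation_params(policy):
    """Build update arguments that keep the existing settings intact."""
    params = {k: v for k, v in (policy or {}).items() if k in UPDATE_FIELDS}
    if not params.get("MaxPasswordAge"):
        params.pop("MaxPasswordAge", None)  # 0 or absent means no expiry
    params["PasswordReusePrevention"] = REQUIRED_HISTORY
    return params

def main():
    import boto3  # imported here so the functions above run without AWS access
    iam = boto3.client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # the account has never set a password policy
    compliant, reason = evaluate(policy)
    print("COMPLIANT" if compliant else "NON-COMPLIANT", "-", reason)
    if not compliant:
        # Dry run: review the arguments, then apply them with
        # iam.update_account_password_policy(**params)
        print("remediation arguments:", remediation_params(policy))

if __name__ == "__main__":
    main()
```

When the account has no password policy at all, the remediation arguments contain only the reuse setting, so the remaining settings take the IAM defaults.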
