Clouds With Weak Password Policy
This bot inspects all configured cloud accounts for the presence of a password policy for all configured user accounts. The checks require that passwords be at least eight characters in length, prevents ] password reuse, and requires special characters and numbers. The bot can be customized to tweak any of the values to adhere and enforce any desired password policy.
Recommended Action
Leverage services such as AWS IAM to specify a strong password policy which adheres to industry standards and best practices. Reference the following link for guidance:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
Severity
Medium
Resource Types Inspected
Organization Services (Cloud Accounts)
Reactive Hookpoints
resource.modified