IAM Password Policy Password Expiration Disabled

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

The Identity and Access Management (IAM) password expiration policy is disabled. An IAM password policy enforces requirements for your IAM Users passwords. The password expiration policy deals with how long a password can be used without being changed. The longer the password is allowed to be used the higher the risk that a lost or stolen password can be used by an attacker. The password expiration policy should be enabled and set to 90 days or less.