lacework-global-210

Password policy does not meet complexity requirements (Automated)

Description

Alert when the password policy for the tenancy does not meet complexity requirements. Complex passwords are harder to guess and can decrease the chances of unauthorized access or compromised data.

Remediation

From Console:

  1. Log in to the OCI console.
  2. Select Identity from Services menu.
  3. Select Settings from Identity menu, or select Domains, select a domain, and select Settings.
  4. Select Password policy and select the password policy.
  5. Click Edit password rules, and select Custom for the password policy strength.
  6. Set the following policies:
    • Password length (minimum) to at least 14
    • Lowercase (minimum) to at least 1
    • Uppercase (minimum) to at least 1
    • Special (minimum) to at least 1
    • Numeric (minimum) to at least 1
  7. Select the Save changes button at the bottom of the pane to confirm the updated policy.

From CLI:

Run the following command to set the password policy:

oci iam authentication-policy update --compartment-id <compartment-ocid> --password-policy '{"minimum_password_length":"14", "is_lowercase_characters_required":true, "is_numeric_characters_required":true, "is_special_characters_required":true, "is_uppercase_characters_required":true}'

Note: After running this command, the following prompt appears:

Are you sure you want to delete this resource? [y/N]

Type 'y' and press 'Enter'.
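
To confirm the change took effect, the check below reads the JSON printed by `oci iam authentication-policy get --compartment-id <compartment-ocid>` and lists every setting that falls short of the values above. It is an added example, not part of the Lacework policy or Oracle's documentation; the hyphenated key names are assumed to match the OCI CLI's JSON output, and both sample documents are constructed.

```python
import json
import sys

MIN_LENGTH = 14  # "Password length (minimum) to at least 14"
# Character-class flags, keyed as assumed in the CLI's JSON output.
REQUIRED_FLAGS = {
    "is-lowercase-characters-required": "lowercase",
    "is-uppercase-characters-required": "uppercase",
    "is-special-characters-required": "special",
    "is-numeric-characters-required": "numeric",
}

def check_password_policy(cli_json):
    """Return findings for a policy document; an empty list means compliant."""
    policy = (json.loads(cli_json).get("data") or {}).get("password-policy") or {}
    findings = []
    try:
        length = int(policy.get("minimum-password-length"))
    except (TypeError, ValueError):
        length = 0  # missing or unparsable counts as non-compliant
    if length < MIN_LENGTH:
        findings.append(f"minimum length is {length}, expected at least {MIN_LENGTH}")
    for key, name in REQUIRED_FLAGS.items():
        if policy.get(key) is not True:
            findings.append(f"{name} characters are not required")
    return findings

# Constructed sample documents (not captured from a real tenancy).
WEAK_SAMPLE = json.dumps({"data": {"password-policy": {
    "minimum-password-length": 8,
    "is-lowercase-characters-required": True,
    "is-uppercase-characters-required": False,
    "is-special-characters-required": False,
    "is-numeric-characters-required": True,
}}})
COMPLIANT_SAMPLE = json.dumps({"data": {"password-policy": {
    "minimum-password-length": 14,
    **{key: True for key in REQUIRED_FLAGS},
}}})

if __name__ == "__main__":
    # Pipe the CLI output in, or run on a terminal with no input to see the weak sample.
    text = WEAK_SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = check_password_policy(text)
    for line in problems:
        print("FAIL:", line)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any requirement is unmet, so it can gate a scheduled compliance job.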

References

https://docs.oracle.com/en-us/iaas/cloud-guard/using/detect-recipes.htm#detect-recipes-ref-config__PASSWORD_POLICY_NOT_COMPLEX
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpasswordrules.htm