Alibaba Cloud RAM password policies can be used to enforce password complexity requirements. It is recommended that the password policy require at least one numeric character to increase the character diversity of passwords. This enhances account resiliency against brute force logon attempts and dictionary attacks by expanding the keyspace.
Risk
Without requiring numeric characters in the password policy, users may create passwords composed only of alphabetic characters. Such passwords are more susceptible to dictionary attacks and automated cracking tools, potentially compromising the confidentiality of user accounts and the cloud resources they protect.
Run this check with Prowler:
prowler alibabacloud --checks ram_password_policy_number
Recommendation
Configure the RAM password policy to require at least one numeric character to improve password complexity.
Remediation
Using the Alibaba Cloud CLI:
aliyun ram SetPasswordPolicy --RequireNumbers true
Using the RAM Console:
- Log on to the RAM Console.
- Choose Settings.
- In the Password section, click Modify.
- In the Charset section, select Number.
- Click OK.
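
To confirm the remediation, the policy can be read back with `aliyun ram GetPasswordPolicy` before and after the change. The following is an added example, not Prowler's own check code: it evaluates the numeric-character requirement and flags any other setting that changed between the two snapshots. It assumes the response carries a `PasswordPolicy` object with the fields shown; the sample responses and the function names `evaluate` and `drift` are constructed for illustration.

```python
import json

# Constructed sample responses in the shape assumed for
# `aliyun ram GetPasswordPolicy` (a top-level "PasswordPolicy" object).
BEFORE = json.loads("""{"PasswordPolicy": {"MinimumPasswordLength": 14,
  "RequireLowercaseCharacters": true, "RequireUppercaseCharacters": true,
  "RequireNumbers": false, "RequireSymbols": true}}""")
AFTER = json.loads("""{"PasswordPolicy": {"MinimumPasswordLength": 14,
  "RequireLowercaseCharacters": true, "RequireUppercaseCharacters": true,
  "RequireNumbers": true, "RequireSymbols": true}}""")


def evaluate(response):
    """Return (status, detail) for the numeric-character requirement."""
    policy = response.get("PasswordPolicy")
    if not isinstance(policy, dict):
        return "FAIL", "no PasswordPolicy object in response"
    # Only a literal JSON true passes; a missing key or the string "true" does not.
    if policy.get("RequireNumbers") is True:
        return "PASS", "RequireNumbers is enabled"
    return "FAIL", f"RequireNumbers is {policy.get('RequireNumbers')!r}"


def drift(before, after, expected=("RequireNumbers",)):
    """List settings other than `expected` whose value changed between snapshots."""
    old = before.get("PasswordPolicy", {})
    new = after.get("PasswordPolicy", {})
    return {
        key: (old.get(key), new.get(key))
        for key in sorted(set(old) | set(new))
        if key not in expected and old.get(key) != new.get(key)
    }


if __name__ == "__main__":
    print("before:", evaluate(BEFORE))
    print("after: ", evaluate(AFTER))
    print("unexpected changes:", drift(BEFORE, AFTER) or "none")
```

In practice, save the output of `aliyun ram GetPasswordPolicy` to a file before and after the change and load both with `json.load` in place of the constructed samples.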
Resource Type
ALIYUN::RAM::SecurityPreference