Alibaba Cloud RAM password policies can be used to enforce password complexity requirements. It is recommended that the password policy require at least one special character (symbol) to increase the character diversity of passwords. Special characters significantly increase the keyspace that attackers must search, enhancing account resiliency against brute force logon attempts.
Risk
Without requiring symbols in the password policy, users may create passwords composed only of alphanumeric characters. Such passwords have a reduced keyspace and are more susceptible to brute force attacks and automated password cracking tools, potentially compromising the confidentiality of user accounts and the cloud resources they protect.
prowler alibabacloud --checks ram_password_policy_symbol
Recommendation
Configure the RAM password policy to require at least one symbol to improve password complexity.
Remediation
aliyun ram SetPasswordPolicy --RequireSymbols true
- Log on to the RAM Console.
- Choose Settings.
- In the Password section, click Modify.
- In the Charset section, select Symbol.
- Click OK.
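To confirm the remediation took effect, the policy can be read back with `aliyun ram GetPasswordPolicy` and the `RequireSymbols` flag evaluated. The following is an added example, not Prowler's own check code; the function name `evaluate_symbol_requirement` and the sample responses are constructed for illustration, and the script name `check_symbols.py` in the usage note is hypothetical.

```python
import json
import sys


def _sample(policy):
    """Build a constructed GetPasswordPolicy-style response (values are made up)."""
    doc = {"RequestId": "EXAMPLE-REQUEST-ID"}
    if policy is not None:
        doc["PasswordPolicy"] = policy
    return json.dumps(doc)


# Constructed sample inputs; field names follow the RAM GetPasswordPolicy response.
SAMPLE_COMPLIANT = _sample({"MinimumPasswordLength": 14, "RequireNumbers": True,
                            "RequireSymbols": True})
SAMPLE_WEAK = _sample({"MinimumPasswordLength": 14, "RequireNumbers": True,
                       "RequireSymbols": False})
SAMPLE_NO_POLICY = _sample(None)


def evaluate_symbol_requirement(raw):
    """Return (status, detail) for a GetPasswordPolicy JSON document."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return "ERROR", f"response is not valid JSON: {exc.msg}"
    policy = doc.get("PasswordPolicy") if isinstance(doc, dict) else None
    if not isinstance(policy, dict):
        return "FAIL", "no PasswordPolicy object in response"
    value = policy.get("RequireSymbols")
    # Only a JSON boolean true passes; a missing or non-boolean value fails closed.
    if value is True:
        return "PASS", "password policy requires at least one symbol"
    if value is None:
        return "FAIL", "RequireSymbols is not set in the policy"
    return "FAIL", f"RequireSymbols is {value!r}"


if __name__ == "__main__":
    if sys.stdin.isatty():
        # No piped input: run the constructed samples.
        for name, raw in (("compliant", SAMPLE_COMPLIANT), ("weak", SAMPLE_WEAK),
                          ("no-policy", SAMPLE_NO_POLICY)):
            print(name, *evaluate_symbol_requirement(raw))
    else:
        status, detail = evaluate_symbol_requirement(sys.stdin.read())
        print(status, detail)
        sys.exit(0 if status == "PASS" else 1)
```

Piping the CLI output into the script (`aliyun ram GetPasswordPolicy | python check_symbols.py`) gives a non-zero exit code when the symbol requirement is not enforced, which makes it usable as a pipeline gate.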
Resource Type
ALIYUN::RAM::SecurityPreference