Ensure OCI IAM password policy has a minimum length of 14 characters
Error: OCI IAM password policy for local (non-federated) users does not have minimum 14 characters
Bridgecrew Policy ID: BC_OCI_IAM_5
Checkov Check ID: CKV_OCI_18
Severity: HIGH
Description
This policy identifies Oracle Cloud Infrastructure (OCI) accounts whose password policy for local (non-federated) users does not require a minimum length of 14 characters. As a security best practice, configure a strong password policy for secure access to the OCI console.
Fix - Runtime
OCI Console
- Log in to the OCI Console: https://console.ap-mumbai-1.oraclecloud.com/
- Go to Identity in the Services menu.
- Select Authentication Settings from the Identity menu.
- Click Edit Authentication Settings in the middle of the page.
- Enter a number in the range 14-100 in the box below the text: MINIMUM PASSWORD LENGTH (IN CHARACTERS).
Note: The console URL is region specific. Your tenancy might have a different home region and therefore a different console URL.
Fix - Buildtime
Terraform
- Resource: oci_identity_authentication_policy
- Arguments: password_policy.minimum_password_length
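```hcl
resource "oci_identity_authentication_policy" "pass" {
  # The authentication policy is set at the tenancy (root compartment) level.
  compartment_id = var.tenancy_id

  password_policy {
    # ...
    # Require at least 14 characters for local (non-federated) user passwords.
    minimum_password_length = 14
  }
}
```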
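The same setting can be checked before apply against the JSON form of a Terraform plan (`terraform show -json`). The following is an added example, not Checkov's or Bridgecrew's own code; the resource names in the sample plan are constructed, and treating an unset length as a failure is an assumption of this example.

```python
import json
import sys

MIN_LENGTH = 14  # minimum required by this policy
RESOURCE_TYPE = "oci_identity_authentication_policy"

def iter_resources(module):
    """Yield resources from a plan module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_plan(plan):
    """Return {resource address: reason} for each failing authentication policy."""
    failures = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks appear in plan JSON as a list of objects.
        blocks = (res.get("values") or {}).get("password_policy") or []
        length = blocks[0].get("minimum_password_length") if blocks else None
        if not blocks:
            failures[res["address"]] = "no password_policy block"
        elif not isinstance(length, int) or isinstance(length, bool):
            # Assumption of this example: an unset length counts as a failure.
            failures[res["address"]] = "minimum_password_length not set"
        elif length < MIN_LENGTH:
            failures[res["address"]] = f"minimum_password_length {length} < {MIN_LENGTH}"
    return failures

def _res(name, values, prefix=""):
    addr = f"{prefix}{RESOURCE_TYPE}.{name}"
    return {"address": addr, "type": RESOURCE_TYPE, "values": values}

# Constructed sample shaped like `terraform show -json` output (not real tenancy data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _res("pass", {"password_policy": [{"minimum_password_length": 14}]}),
        _res("short", {"password_policy": [{"minimum_password_length": 8}]}),
        _res("unset", {"password_policy": [{"minimum_password_length": None}]}),
    ],
    "child_modules": [{"resources": [_res("none", {}, prefix="module.iam.")]}],
}}}

if __name__ == "__main__":
    # With a file argument, check a real plan; otherwise check the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, reason in check_plan(plan).items():
        print(f"FAIL {address}: {reason}")
```

Run it with the path to a saved plan JSON file as the only argument to check a real plan; it walks child modules, so policies declared inside modules are covered as well.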