Identity domain password policies should prevent password reuse

oracle-cloud-infrastructure
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Password policies in OCI Identity Domains should prevent password reuse by maintaining a history of at least 24 previous passwords. This prevents users from cycling through a small set of passwords and ensures stronger account security by reducing the risk of compromised credentials being reused. Organizations should configure both default and custom password policies to meet this requirement.

Note: This rule excludes the system-provided simplePasswordPolicy and standardPasswordPolicy policies as these are not user editable, not assignable to groups, and do not apply as default policies. Custom password policies that are not assigned to any groups are excluded because they are not applied to any users and therefore have no effect.

Remediation

Configure password policies in your OCI Identity Domain to maintain a password history of at least 24 previous passwords. For guidance on managing password policies in Identity Domains, refer to the Managing Password Policies section of the Oracle Cloud Infrastructure documentation.