Password policies are, in part, used to enforce password complexity requirements. Use IAM password policies to ensure passwords are a minimum length. The password policy should require a minimum password length of 14 characters.
Setting a password complexity policy increases account resiliency against brute force login attempts.
See the CIS AWS Foundations Benchmark controls docs for console remediation steps.
16 Account Monitoring and Control