Skip to content

Ensure Password Complexity Rule Is in Place


Password complexity includes password characteristics such as length, case, length, and character sets.


Complex passwords help mitigate dictionary, brute forcing, and other password attacks.

This recommendation prevents users from choosing weak passwords which can easily be guessed.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine mysql

Default Rule

const { getServerSetting } = module

 * @param {Object} databaseSettings - database settings object
 * @param {Object} parameters - includes default values for assessed variables
 * @returns {boolean} true if password complexity is in place

function validate(databaseSettings, parameters =
    { minPasswordLength : "14",
    minPasswordMixedCaseCount: "1",
    minPasswordNumberCount: "1",
    minPasswordSpecialCharCount: "1",
    passwordPolicy: ["medium", "strong"]}) {

    const length = getServerSetting(databaseSettings, "validate_password_length")
    const mixedCaseCount = getServerSetting(databaseSettings, "validate_password_mixed_case_count")
    const numberCount = getServerSetting(databaseSettings, "validate_password_number_count")
    const specialCharCount = getServerSetting(databaseSettings, "validate_password_special_char_count")
    const policy = getServerSetting(databaseSettings, "validate_password_policy")

    const success = Number(length) >= Number(parameters.minPasswordLength) &&
                    Number(mixedCaseCount) >= Number(parameters.minPasswordMixedCaseCount) &&
                    Number(numberCount) >= Number(parameters.minPasswordNumberCount) &&
                    Number(specialCharCount) >= Number(parameters.minPasswordSpecialCharCount) &&

    return {

// invoke
// TODO: add support for parameters input type