I already mentioned IAM usernames and passwords, which are used to log in to your AWS account. These usernames are created by an administrator of IAM; at the same time, they will issue you with a password. Depending on how the administrator configured your account, you may be required to change your password upon the first successful authentication to AWS.

If no password policy has been configured, passwords for accounts can be inherently insecure. This is because people are likely to use easy to remember passwords, such as 123456 or Password1; these passwords are more common than you think, in spite of end users becoming more aware of privacy and security. This can be a major issue if the users that are using insecure passwords have a privileged access level to your resources; for example, other administrators might have weak passwords, while also having the authorization to create or delete a wide range of AWS resources.