diff --git a/en/aws/iam/users-password-last-used.md b/en/aws/iam/users-password-last-used.md index 8970eaa11..2efc28c25 100644 --- a/en/aws/iam/users-password-last-used.md +++ b/en/aws/iam/users-password-last-used.md @@ -10,19 +10,19 @@ | **Cloud** | AWS | | **Category** | IAM | | **Description** | Detects users with password logins that have not been used for a period of time and that should be decommissioned | -| **More Info** | Having numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should be deleted. | +| **More Info** | Having numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should either be deleted or have console login disabled. | | **AWS Link** | http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html | | **Recommended Action** | Delete old user accounts that allow password-based logins and have not been used recently. | ## Detailed Remediation Steps -1. Log into the AWS Management Console. +1. Log in to the AWS Management Console. 2. Select the "Services" option and search for IAM.
-3. Scroll down the left navigation panel and choose "Users".
-4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
-5. Click on the "Security Credentials" under the configuration page.
-6. Scroll down the "Security Credentials" tab and check the "Console password".Check the "Console password" section for "last signed in". If "last signed in" is showing for the period more than 180 days than the password is not been used for a period of time.
-7. Repeat steps number 2 - 6 to verify for other IAM users.
-8. Go to the "Users" page and select the "User" whose password is not been used for a period of time now.
-9. Click on the "Delete user" button at the top to delete the selected user.
-10. On the "Delete user" tab click on the "Yes, delete" button to delete the selected IAM user.
-11. Repeat steps number 8 - 10 to delete the other IAM users whose passwords are not used for a period of time.
+3. Scroll down the left navigation panel and choose "Credential report". Click on the "Download Report" button to download a report that lists all your account's users and the status of their various credentials.
+4. Open the downloaded credentials report and check the "password_last_used_date" column for each IAM account. If the timestamp value for "password_last_used_date" is recorded within the last 7 days, the above credentials have been used to access the AWS account. If however, the timestamp value is older than 90 days, then the account should be deleted or disabled.
+5. Scroll down the left navigation panel and choose "Users".
+6. Select the "User" that needs to be verified and click on the "User name" to access the selected IAM User.
+7. Click on the "Security Credentials" tab under the configuration page.
+8. Under the "Security Credentials" tab check the "Console password" section for status "Enabled/Disabled". If the status is "Enabled" then the console sign in is enabled and needs to be disabled.
+9. Click on "Manage" to open "Manage console acess" pop up.
+10. Select "Disable" for the Console access and click on "Apply" button.
+11. Repeat step number 2 - 11 to verify for other IAM users.
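Review bot: the new step 11 ("Repeat step number 2 - 11") refers to itself and to the one-time report download in steps 3 and 4, so a reader following it literally re-downloads the credential report for every user; the per-user loop is steps 5 - 10, so suggest "11. Repeat steps 5 - 10 for the other IAM users flagged in the report." Step 4 names the column "password_last_used_date", but the IAM credential report CSV column is `password_last_used` (alongside `password_enabled` and `password_last_changed`); with the wrong name, anyone scripting this check against the CSV gets no match. Step 4 also introduces two thresholds (7 days as "recently used", 90 days as "delete or disable") that nothing else on the page defines, and the table's "Recommended Action" row still says only "Delete old user accounts", while the updated "More Info" row and the new steps 8 - 10 describe disabling console login as the alternative; the row should be updated to match. Minor: "Manage console acess" in step 9 should be "Manage console access", "console sign in" in step 8 should be "console sign-in", and step 10 reads better as "click the "Apply" button".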
diff --git a/resources/aws/iam/users-password-last-used/step10.png b/resources/aws/iam/users-password-last-used/step10.png index 3d6f4ea6c..11eb8e550 100644 Binary files a/resources/aws/iam/users-password-last-used/step10.png and b/resources/aws/iam/users-password-last-used/step10.png differ diff --git a/resources/aws/iam/users-password-last-used/step2.png b/resources/aws/iam/users-password-last-used/step2.png index 3c9e155a3..bc3be71d0 100644 Binary files a/resources/aws/iam/users-password-last-used/step2.png and b/resources/aws/iam/users-password-last-used/step2.png differ diff --git a/resources/aws/iam/users-password-last-used/step3.png b/resources/aws/iam/users-password-last-used/step3.png index 84fc35552..66759b63f 100644 Binary files a/resources/aws/iam/users-password-last-used/step3.png and b/resources/aws/iam/users-password-last-used/step3.png differ diff --git a/resources/aws/iam/users-password-last-used/step4.png b/resources/aws/iam/users-password-last-used/step4.png index caf2fb299..ba2bcc231 100644 Binary files a/resources/aws/iam/users-password-last-used/step4.png and b/resources/aws/iam/users-password-last-used/step4.png differ diff --git a/resources/aws/iam/users-password-last-used/step5.png b/resources/aws/iam/users-password-last-used/step5.png index b1fa884d9..6fdfdc441 100644 Binary files a/resources/aws/iam/users-password-last-used/step5.png and b/resources/aws/iam/users-password-last-used/step5.png differ diff --git a/resources/aws/iam/users-password-last-used/step6.png b/resources/aws/iam/users-password-last-used/step6.png index 222f95f27..85d8e66d7 100644 Binary files a/resources/aws/iam/users-password-last-used/step6.png and b/resources/aws/iam/users-password-last-used/step6.png differ diff --git a/resources/aws/iam/users-password-last-used/step7.png b/resources/aws/iam/users-password-last-used/step7.png new file mode 100644 index 000000000..9dce5e08b Binary files /dev/null and b/resources/aws/iam/users-password-last-used/step7.png differ 
diff --git a/resources/aws/iam/users-password-last-used/step8.png b/resources/aws/iam/users-password-last-used/step8.png index 6f6c43168..ce155d50f 100644 Binary files a/resources/aws/iam/users-password-last-used/step8.png and b/resources/aws/iam/users-password-last-used/step8.png differ diff --git a/resources/aws/iam/users-password-last-used/step9.png b/resources/aws/iam/users-password-last-used/step9.png index 1a6dc4e56..9fc4f09d4 100644 Binary files a/resources/aws/iam/users-password-last-used/step9.png and b/resources/aws/iam/users-password-last-used/step9.png differ