
Configuring Your Weak Password Policy

Overview

The Weak Password Policy feature allows you to define what constitutes a weak password in your organisation. Once configured, CultureAI will automatically detect when employees use passwords that fall short of your policy and raise a risk for review and intervention.

Why Set a Weak Password Policy?

Weak passwords are one of the most common root causes of security breaches. This feature allows you to define minimum standards for password strength across SaaS logins—helping you identify and reduce password-related risks in real time.

How to Configure Your Weak Password Policy

  1. Go to
    Platform > Settings > Configure Risks > Password Password Strength Policy


  2. Define Your Policy Criteria
    You can set any combination of the following:

    • Minimum Length
      Set the minimum number of characters required (e.g. 12)

    • Must Include Special Characters
      Require symbols like !, @, #, etc.

    • Must Include Uppercase
      Ensure passwords contain at least one uppercase letter

    • Must Include Numeric Characters
      Ensure passwords contain at least one numeric character

  3. Click ‘Save’ to apply your policy

Where Do I See Weak Password Risks?

  • Weak password events will be detected automatically.

  • You’ll see these surfaced in the Human Risk Dashboard.

  • You can click into any weak password risk to view the Content tab, which compares the detected password to your policy, showing exactly which criteria were not met.
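
To make the comparison against the four policy criteria concrete, here is an added example (not CultureAI's code) that evaluates a password and reports which enabled criteria were not met. The class, function and field names are hypothetical, and the definition of a "special" character as any non-alphanumeric, non-whitespace character is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class WeakPasswordPolicy:
    # Every criterion is optional, mirroring "any combination of the following".
    min_length: Optional[int] = None
    require_special: bool = False
    require_uppercase: bool = False
    require_numeric: bool = False


def is_special(ch: str) -> bool:
    # Assumption: "special" means neither letter, digit nor whitespace.
    return not ch.isalnum() and not ch.isspace()


def unmet_criteria(password: str, policy: WeakPasswordPolicy) -> list[str]:
    """Return the names of the enabled criteria the password fails."""
    failed = []
    if policy.min_length is not None and len(password) < policy.min_length:
        failed.append("minimum_length")
    if policy.require_special and not any(is_special(c) for c in password):
        failed.append("special_character")
    if policy.require_uppercase and not any(c.isupper() for c in password):
        failed.append("uppercase")
    if policy.require_numeric and not any(c.isdigit() for c in password):
        failed.append("numeric")
    return failed


def build_finding(user: str, password: str, policy: WeakPasswordPolicy) -> Optional[dict]:
    """Build a reviewable record that never contains the password itself."""
    failed = unmet_criteria(password, policy)
    if not failed:
        return None
    return {"user": user, "risk": "weak_password", "unmet": failed}


# Constructed sample input, not real credentials.
POLICY = WeakPasswordPolicy(min_length=12, require_special=True,
                            require_uppercase=True, require_numeric=True)
SAMPLES = {"alice": "summer2024", "bob": "Correct-Horse-7-Battery"}

if __name__ == "__main__":
    for user, pw in SAMPLES.items():
        print(user, build_finding(user, pw, POLICY))
```
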

Good to Know

  • You can update your policy at any time.

  • Risks will be evaluated against the policy at the time the password is used.

  • Password data is never stored in plain text and detection happens securely on the endpoint.