Overview
The Weak Password Policy feature allows you to define what constitutes a weak password in your organisation. Once configured, CultureAI will automatically detect when employees use passwords that fall short of your policy and raise a risk for review and intervention.
Why Set a Weak Password Policy?
Weak passwords are one of the most common root causes of security breaches. This feature allows you to define minimum standards for password strength across SaaS logins—helping you identify and reduce password-related risks in real time.
How to Configure your Weak Password Policy
-
Go to
Platform > Settings > Configure Risks > Password Password Strength Policy
-
Define Your Policy Criteria
You can set any combination of the following-
Minimum Length
Set the minimum number of characters required (e.g. 12) - Must Include Special Characters
Require symbols like!,@,#, etc. -
Must Include Uppercase
Ensure passwords contain at least one uppercase letter -
Must Include Numeric Characters
Ensure passwords contain at least one numeric character
-
-
Click ‘Save’ to apply your policy
Where Do I See Weak Password Risks
-
Weak password events will be detected automatically.
-
You’ll see these surfaced in the Human Risk Dashboard.
-
You can click into any weak password risk to view the Content tab, which compares the detected password to your policy, showing exactly which criteria were not met.
Good to Know
-
You can update your policy at any time.
-
Risks will be evaluated against the policy at the time the password is used.
-
Password data is never stored in plain text and detection happens securely on the endpoint.