General Password
Detects general password patterns in documents and configuration files. This pattern is based on a Microsoft Purview built-in sensitive information type. In Purview, this is a broad, function-based detector. This keyword-based version flags documents that may contain passwords for further review.
- Type
- regex
- Engine
- universal
- Confidence
- low
- Confidence justification
- Low confidence: broad keyword-based detection that will match password-related terminology in documentation, code comments, and non-sensitive contexts. Intended as a wide-net classifier. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality
- Mixed
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- wide
- Risk rating
- 10
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported
Pattern
(?i)\b(?:password|passwd|pwd|pass)\s*[:=]\s*"?[^\s"']{6,}"?Corroborative evidence keywords
password, passwd, pwd, credential, login, authentication, secret, passphrase, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+39 more)
Proximity: 300 characters
Should match
password: MyS3cretP@ssw0rd— Password in YAML configpwd=TestPassword123— Password in query string formatpasswd="00000000000000"— Password with placeholder value
Should not match
password policy requires 12 characters— Password policy documentation, not actual passwordpassword: ""— Empty password valuetemplate example placeholder record identifier— Template/sample context should be excluded even when anchor words are present
Known false positives
- Security documentation, password policies, and training materials discussing password requirements. Mitigation: Check for assignment operators (=, :) following the keyword to differentiate from descriptive text.
- Source code containing password parameter names and function arguments without actual credential values. Mitigation: Verify that the value following the keyword appears to be an actual credential.