IBM Verify

Detect and Defend Weak Passwords with IBM Verify

By Lokesh Kumar posted 13 hours ago

  

Content 

  • Introduction
  • Default Password Intelligence Policy
  • Enforcement Actions
  • Visual Walk-through
    • User Login Flows
    • Change Password Flows
  • Monitoring with Reports
  • Conclusion
  • Authors

Introduction

In an era where cyber threats are constantly evolving, password security remains a critical line of defence. Weak or compromised passwords continue to be a leading cause of data breaches. IBM Verify addresses this challenge with its Password Intelligence feature—an advanced capability that helps organizations enforce strong password policies, detect risky credentials, and guide users toward better password hygiene.

This blog explores how to configure and monitor Password Intelligence within your IBM Verify tenant, including enforcement options, integration with IBM X-Force, and how to leverage reporting tools for actionable insights.

What is IBM Verify?

IBM Verify is a cloud-based digital identity verification solution that helps organizations securely confirm user identities. It combines identity proofing, authentication, and verification methods to enhance security and prevent fraud in online processes. By integrating these capabilities, IBM Verify ensures that only legitimate users gain access to sensitive systems and data—making it a critical component of modern identity and access management (IAM) strategies.

Prerequisites

Before configuring Password Intelligence, ensure the following prerequisites are met:

Default Password Intelligence Policy

Within the default policy, administrators can enable two key enforcement mechanisms:

  •  IBM X-Force
  •  Custom List

Once enabled, these mechanisms influence user login flows by enforcing password strength and integrity.

Note: Currently, Password Intelligence enforcement is supported only for users in the Cloud Directory identity source.

Enforcement Actions

For each source (IBM X-Force or Custom List), you can choose:

  • 🔍 Audit
  • ⚠️ Warn users with a message
  • 🚫 Prevent login and redirect to change password

Details:

  1. Audit

    • This mode silently logs weak or compromised passwords during login attempts.
    • Useful for monitoring without disrupting the user experience.

  2. Warn Users with a Message

    • Encourages proactive password changes without blocking access.

  3. Prevent Login and Redirect to Change Password

    • The most stringent enforcement.
    • Users are blocked from logging in until they update their password to meet policy requirements.

Visual Walk-through

Within a tenant, this feature is accessed through the admin portal:

Go to Security → Password management → Intelligence list

 

Below are the two key enforcement mechanisms

 

User Login Flows

Under each mechanism, below are the password enforcement actions

Similarly, for Custom List enforcement

 

Here is a sample CSV file of the kind that needs to be uploaded under this option


User Experience During Login

Depending on the enforcement level, users may:

  • Log in normally (Audit)

  • See a warning message (Warn)

  • Be redirected to change their password (Prevent)

Change Password Flows 

Just like User Login Flows, the Change Password Flow also supports enforcement through Password Intelligence. This ensures that users are prevented from setting weak or compromised passwords.

Enforcement Actions (Same as Login Flow)

Example: Prevent Password Change

If a user attempts to set a password that matches an entry in the IBM X-Force or Custom List, and the enforcement is set to Prevent, they will be stopped and prompted to choose a more secure password before proceeding.

The end user will be prompted to change their password, as below

Monitoring with Reports

To complement enforcement actions, IBM Verify provides detailed reporting under:

Reporting & Diagnostics → Reports → Password Intelligence → View Report

The trends chart provides a time-based view of password enforcement events. 

This level of detail allows security teams to:

  • Track when and where weak or compromised passwords are used
  • Identify users frequently triggering warnings or blocks
  • Correlate login attempts with geographic and IP data
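
The triage described in the list above, as an added example that is not IBM's code and does not reflect the report's real export format. The column names, the source and action labels, the sample rows and the repeat threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; the column names are assumptions, not the
# export format of the IBM Verify Password Intelligence report.
SAMPLE_EVENTS = """\
timestamp,username,source,action,ip,country
2024-05-01T08:02:11Z,alice,x-force,audit,198.51.100.7,DE
2024-05-01T08:40:52Z,bob,custom-list,warn,203.0.113.20,US
2024-05-02T09:15:03Z,alice,x-force,audit,198.51.100.7,DE
2024-05-02T17:44:30Z,bob,custom-list,warn,192.0.2.99,BR
2024-05-03T07:58:47Z,bob,x-force,prevent,203.0.113.20,US
2024-05-03T11:21:09Z,carol,custom-list,prevent,198.51.100.34,FR
2024-05-04T08:05:26Z,alice,x-force,audit,198.51.100.7,DE
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def summarize(rows, repeat_threshold=3):
    """Group weak-password events per user and flag users needing follow-up."""
    per_user = defaultdict(lambda: {"events": 0, "audit": 0, "countries": set()})
    for row in rows:
        stats = per_user[row["username"]]
        stats["events"] += 1
        stats["countries"].add(row["country"])
        if row["action"] == "audit":
            stats["audit"] += 1

    findings = {}
    for user, stats in per_user.items():
        flags = []
        if stats["events"] >= repeat_threshold:
            flags.append("repeat")         # keeps using a flagged password
        if len(stats["countries"]) > 1:
            flags.append("multi-country")  # flagged credential seen from several places
        if stats["audit"] == stats["events"]:
            flags.append("audit-only")     # logged silently, user never warned or blocked
        if flags:
            findings[user] = sorted(flags)
    return findings

if __name__ == "__main__":
    for user, flags in sorted(summarize(load(SAMPLE_EVENTS)).items()):
        print(user, flags)
```

Users flagged `audit-only` are the ones who would be newly interrupted if a source were moved from Audit to Warn or Prevent.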

Conclusion

Password Intelligence in IBM Verify is more than just a policy—it's a proactive approach to securing user identities. By leveraging IBM X-Force insights, custom enforcement rules, and detailed reporting, organizations can detect weak passwords, guide users toward stronger credentials, and reduce the risk of breaches. Whether you're auditing, warning, or enforcing password changes, this feature empowers you to strike the right balance between security and user experience.


Authors:
