To filter out passwords in E-Mails you can setup an Office 365 transport rule to capture the passoword and either block the email being sent or redirect it to a manager.
To do this, login to https://portal.office.com/adminportal with a tenant Administrator account.
Open the Exchange Admin Center.
Under mail flow click rules.
Click the + button to add a new Transport Rule
1 – Enter a name for the new Transport Rule
2 – Select The subject or body includes
A box will appear asking for you to enter your keywords, enter each keyword separately and click the + button. If entering passwords it is recommended you enter only part passwords for example if a common password you use is Boats567! enter *ats567* where * denotes any additional character then click OK
Under Do the following select Redirect the message to and enter the desired recipient (manager)
Now any passwords in E-Mails will be redirected and not arrive at their intended recipient.