diff --git a/src/Auth/WeakPasswordHasher.php b/src/Auth/WeakPasswordHasher.php
index 26ad6bd9bbb..292c383e2b8 100644
--- a/src/Auth/WeakPasswordHasher.php
+++ b/src/Auth/WeakPasswordHasher.php
@@ -15,6 +15,8 @@
 namespace Cake\Auth;
 
 use Cake\Auth\AbstractPasswordHasher;
+use Cake\Core\Configure;
+use Cake\Utility\Debugger;
 use Cake\Utility\Security;
 
 /**
@@ -34,6 +36,16 @@ class WeakPasswordHasher extends AbstractPasswordHasher {
 		'hashType' => null
 	];
 
+/**
+ * {@inheritDoc}
+ */
+	public function __construct(array $config = []) {
+		if (Configure::read('debug')) {
+			Debugger::checkSecurityKeys();
+		}
+		parent::config($config);
+	}
+
 /**
  * Generates password hash.
  *
diff --git a/src/Controller/Component/AuthComponent.php b/src/Controller/Component/AuthComponent.php
index 052bf3d084a..f995056212f 100644
--- a/src/Controller/Component/AuthComponent.php
+++ b/src/Controller/Component/AuthComponent.php
@@ -18,13 +18,11 @@
 use Cake\Controller\ComponentRegistry;
 use Cake\Controller\Controller;
 use Cake\Core\App;
-use Cake\Core\Configure;
 use Cake\Error;
 use Cake\Event\Event;
 use Cake\Network\Request;
 use Cake\Network\Response;
 use Cake\Routing\Router;
-use Cake\Utility\Debugger;
 use Cake\Utility\Hash;
 
 /**
@@ -249,10 +247,6 @@ public function __construct(ComponentRegistry $registry, array $config = []) {
 		$this->response = $controller->response;
 		$this->_methods = $controller->methods;
 		$this->session = $controller->request->session();
-
-		if (Configure::read('debug')) {
-			Debugger::checkSecurityKeys();
-		}
 	}
 
 /**
diff --git a/tests/TestCase/Auth/WeakPasswordHasherTest.php b/tests/TestCase/Auth/WeakPasswordHasherTest.php
index 0112b923ec6..b3510865de3 100644
--- a/tests/TestCase/Auth/WeakPasswordHasherTest.php
+++ b/tests/TestCase/Auth/WeakPasswordHasherTest.php
@@ -23,6 +23,17 @@
  */
 class WeakPasswordHasherTest extends TestCase {
 
+/**
+ * setUp method
+ *
+ * @return void
+ */
+	public function setUp() {
+		parent::setUp();
+
+		Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
+	}
+
 /**
  * Tests that any password not produced by WeakPasswordHasher needs
  * to be rehashed