Idea ID: 2863103

Password Policy check against HaveIBeenPwned

Status : New Idea
6 months ago

It would be very helpful if the Password Policy could be checked for breached or pwned passwords.  The most obvious choice would be to use Troy Hunt's Have I Been Pwned service.  It would be great if it could verify individual users password choice when they create a new password or change an existing password.  It would also need to run a scan at regular intervals and notify users if a current password becomes listed on the service.

Labels:

Configuration