We are now checking all passwords against the Pwned Passwords database by Troy Hunt. But this is no easy task...... ok it actually is, it only took 3 lines of code.
We love what Troy is doing and after Pwned Passwords came out we wanted to build it into our service to keep accounts safe. Along with 2FA and constant security checks and logging (in settings you can actually see the login history and attempts for your account and if failed see why it failed like 2fa page hit and left) this was a long time coming.
As of today you wont be able to register or change your password to one that is in the Pwned Passwords database. But if you are wondering about old accounts, don't worry we got you. Every time you login we do the check again, so if your password is in a breach you will get an account notification and email like the following.
This is is for user accounts but over the next few weeks other areas in the panel will be using the service including setting up mail accounts for domains and other areas with important codes.
A huge thanks to Troy Hunt for providing this service for free. Check out his service Have I Been Pwned by visiting https://haveibeenpwned.com.