Block compromised credentials on password reset / recovery flow

m-c · June 6, 2023, 11:33pm

Feature: Block compromised credentials on password reset / recovery flow.

Description: Currently, with attack protection, we can block the use of compromised credentials when users sign up or when they log in, but this protection doesn’t extend to when a user changes their password via the reset password flow. (Source: Does "Block compromised credentials for new accounts" also block password changes?)

Use-case: It’s better to block early (at password reset time) than later (at login, after setting compromised credentials).

konrad.sopala · June 7, 2023, 8:59am

Hey there!

It’s already on the roadmap and the Product team is aware of that. Once we have a public date for the release we’ll make sure to relay it here. Thank you!

Topic		Replies	Views
Does "Block compromised credentials for new accounts" also block password changes? Help breached-password , attack-protection	4	1076	June 20, 2023
Is Breached Password Allowed During Password Reset Knowledge Articles password-reset , password-breach	1	1310	March 1, 2023
User Account is Not Blocked When 'Block compromised user accounts' Feature is Enabled Knowledge Articles	1	550	November 3, 2023
Disable Password reset for blocked users using Universal Login Help login-experience , reset-password-prompt-new-experience	2	296	April 19, 2024
Require new users to change password before logging in Knowledge Articles password-reset	1	1024	August 3, 2023

Block compromised credentials on password reset / recovery flow

Related Topics