Breached password allowed during password reset

Problem statement

We could find the protection on login / sign up. But is there a detection on the change password page from the hosted page? Say once I entered the test breached password Paaf213XXYYZZ, I was not blocked when I updated my password, then got blocked in the next login.


Unfortunately, it isn’t supported yet. You may leave feedback following the guideline here to raise a feature request.