Is Breached Password Allowed During Password Reset

lihua.zhang · March 1, 2023, 10:38pm

Last Updated: March 19, 2025

Overview

The tenant has the Breached Password Detection feature turned on.

It works well during the login/sign-up flow.
However, during the password reset, a breached password (for example, Paaf213XXYYZZ) could be used while resetting the password.
Although the breached password could be used while updating the password, the next login would be blocked.

Breached password detection is available with the password reset flow as of March 11th, 2025.

Topic		Replies	Views
Testing Breached Password Detection Feature Knowledge Articles breached-password	1	2222	September 16, 2022
Breached Password Functionality Knowledge Articles password-breach	1	593	January 3, 2024
About the specifications of the "Breached Password Detection" feature Get Help apis , breached-password , attack-protection , application	0	1305	January 30, 2023
Block compromised credentials on password reset / recovery flow Product Feedback password-breach	1	1073	June 7, 2023
Breached Password Detection Not Triggering Despite Being Turned On Knowledge Articles	1	7	April 9, 2025