Overview
This article explains the behavior of Breached Password Detection, including email notifications and login blocking, based on various configuration settings when a user’s password is detected as “password_leaked”.
Applies To
- Breached Password Detection
- Credential Guard
- Block compromised credential use upon login
- Send notifications to users with compromised credentials
Cause
Different combinations of breached password detection settings lead to varied user experiences regarding email notifications and login access when a compromised credential is used.
Solution
This section describes the behavior when specific Breached Password Detection settings are enabled:
- If only “Block compromised credential use upon login” is enabled: Users do not receive email notifications to reset their password. Their login attempts are blocked until a password that is not breached is used. After resetting the password through the “Forgot Password” flow, login functions correctly.
- If only “Send notifications to users with compromised credentials” is enabled: Users receive an email notification to reset their password because it has been breached. This setting does not affect their login flow, allowing them to log in to the application.
- If both “Block compromised credential use upon login” and “Send notifications to users with compromised credentials” are enabled: Users are blocked from logging in and simultaneously receive an email notification to reset their password due to it being found in a breach.
NOTE: Tenant logs and emails are throttled to one per hour per user when Breached Password Detection is in use. This throttling prevents users from being notified every time they log in with a breached password and limits the creation of tenant logs for every such login attempt.
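To make the combinations above and the hourly throttle concrete, the following Python model is an added example written for this article; it is not Auth0 code and does not call the real service. It assumes a constructed breach list standing in for the breach corpus, two boolean settings named after the options in the article, and a throttle that applies only to the email and the tenant log entry: each login attempt with a breached password is still blocked while "Block compromised credential use upon login" is on, even when no new email or log is produced within the hour.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

THROTTLE_WINDOW = timedelta(hours=1)  # one email and one log entry per user per hour


@dataclass(frozen=True)
class BreachedPasswordSettings:
    """Hypothetical model of the two settings discussed in the article."""
    block_on_login: bool   # "Block compromised credential use upon login"
    notify_user: bool      # "Send notifications to users with compromised credentials"


@dataclass(frozen=True)
class LoginOutcome:
    allowed: bool        # did the login succeed?
    email_sent: bool     # was a reset email sent on this attempt?
    log_written: bool    # was a tenant log entry written on this attempt?


class BreachedPasswordSimulator:
    """Applies the settings to a login attempt and throttles emails/logs per user."""

    def __init__(self, settings: BreachedPasswordSettings, breached_passwords):
        self.settings = settings
        self.breached = set(breached_passwords)   # constructed stand-in for the breach corpus
        self._last_notice: dict[str, datetime] = {}  # user -> time of last email/log

    def login(self, user: str, password: str, now: datetime) -> LoginOutcome:
        in_use = self.settings.block_on_login or self.settings.notify_user
        if not in_use or password not in self.breached:
            # Nothing to do: detection is off or the password is not known to be breached.
            return LoginOutcome(allowed=True, email_sent=False, log_written=False)

        # Throttle: suppress a second email/log for the same user within one hour.
        last = self._last_notice.get(user)
        throttled = last is not None and now - last < THROTTLE_WINDOW
        if not throttled:
            self._last_notice[user] = now

        return LoginOutcome(
            allowed=not self.settings.block_on_login,       # blocking is never throttled
            email_sent=self.settings.notify_user and not throttled,
            log_written=not throttled,
        )


def behaviour_table():
    """Outcome of a first breached-password login under each setting combination."""
    t0 = datetime(2024, 1, 1, 9, 0)
    rows = {}
    for block in (False, True):
        for notify in (False, True):
            sim = BreachedPasswordSimulator(
                BreachedPasswordSettings(block, notify), ["Password123"])
            rows[(block, notify)] = sim.login("alice", "Password123", t0)
    return rows


def demo_both_enabled():
    """Repeated attempts with both settings on: blocked every time, notified once an hour."""
    sim = BreachedPasswordSimulator(
        BreachedPasswordSettings(block_on_login=True, notify_user=True), ["Password123"])
    t0 = datetime(2024, 1, 1, 9, 0)
    return [
        sim.login("alice", "Password123", t0),                          # blocked, email + log
        sim.login("alice", "Password123", t0 + timedelta(minutes=10)),  # blocked, throttled
        sim.login("alice", "Password123", t0 + timedelta(hours=1)),     # blocked, email + log
        sim.login("alice", "Unique-passphrase-42!", t0 + timedelta(hours=1, minutes=5)),  # allowed
    ]


if __name__ == "__main__":
    for (block, notify), outcome in behaviour_table().items():
        print(f"block={block!s:5} notify={notify!s:5} -> {outcome}")
    for outcome in demo_both_enabled():
        print(outcome)
```

The `behaviour_table` rows reproduce the three cases in the Solution section; `demo_both_enabled` shows the point the note makes: the second attempt ten minutes later is still blocked but produces no new email or log entry, and the user regains access only once a password that is not in the breach list is used.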
For more information, refer to Breached Password Detection.