Customizing Breached Password Error Message in Auth0

Overview

When a potential security issue is detected with a user’s account and triggers the breached password protection feature in Auth0, the following error message is displayed:

We have detected a potential security issue with this account. To protect your accounts, we have prevented this login.
Please reset your password to proceed.

However, the screen does not provide a direct option to Reset Password. Instead, only a Forgot Password link is available.

Users may find this confusing as they are instructed to reset their password but do not see a straightforward way to do so. The objective is to customize the error message to instruct users to use the Forgot Password link to reset their password.

Solution

To customize the password-breached message in Auth0, follow these steps:

  1. Access the Auth0 Dashboard: Log in to the Auth0 account and navigate to the Dashboard.
  2. Go to Branding: In the left-hand menu, select Branding and then click on Universal Login.
  3. Open Advanced Options: Within the Universal Login page, find and click on Advanced Options.
  4. Navigate to Custom Text: Click on the Custom Text tab to access the customizable text fields.
  5. Select the Appropriate Prompt: From the dropdown menu labeled Prompt, choose login-id or login (depending on whether the Identifier First option is used).
  6. Modify the Breached-Password Message: Scroll down to the password-breached section. Edit the text to advise users to use the Forgot Password option to reset their password.
  7. Save the Changes: After making the necessary changes, click on Save Changes to apply the new message.
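
The same change can be scripted through the Auth0 Management API's prompt custom-text endpoint. The following is an added example, not part of the original article or Auth0's own code: it reads the current custom text first and merges in only the password-breached key, because the PUT replaces all custom text stored for that prompt and language. The tenant domain, token, language `en`, the sample message wording, and the assumption that the screen name matches the prompt name are placeholders to adapt.

```python
import json
import urllib.request

PROMPT = "login"            # use "login-id" if Identifier First is enabled (step 5)
LANGUAGE = "en"             # assumption: tenant default language
KEY = "password-breached"   # text key named in step 6
# Constructed sample wording; adjust to your own support process.
MESSAGE = ("We have detected a potential security issue with this account. "
           "To protect your account, we have prevented this login. "
           "Use the Forgot Password link below to reset your password.")

def merge_breached_message(existing, screen, message):
    """Copy the prompt's custom text and change only the breached-password key."""
    merged = {name: dict(texts) for name, texts in existing.items()}
    merged.setdefault(screen, {})[KEY] = message
    return merged

def build_request(domain, token, prompt, language, body=None):
    """Build a GET (no body) or PUT (with body) for the custom-text endpoint."""
    url = f"https://{domain}/api/v2/prompts/{prompt}/custom-text/{language}"
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        url,
        data=data,
        method="PUT" if body is not None else "GET",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

def update_breached_message(domain, token, message=MESSAGE,
                            prompt=PROMPT, language=LANGUAGE):
    """Read current custom text, merge the new message, write it back."""
    with urllib.request.urlopen(build_request(domain, token, prompt, language)) as r:
        existing = json.load(r)
    body = merge_breached_message(existing, prompt, message)
    with urllib.request.urlopen(
            build_request(domain, token, prompt, language, body)) as r:
        return r.status

if __name__ == "__main__":
    # Placeholders: supply your tenant domain and a Management API token
    # that is allowed to read and update prompts.
    print(update_breached_message("YOUR_TENANT_DOMAIN", "YOUR_MGMT_API_TOKEN"))
```

Keep the token out of source control and give it only the prompt read and update permissions it needs for this task.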