Is Breached Password Allowed During Password Reset

lihua.zhang · March 1, 2023, 10:38pm

Last Updated: Aug 13, 2024

Overview

The tenant has the Breached Password Detection feature turned on.

It works well during the login/sign-up flow.
However, during the password reset, a breached password (for example, Paaf213XXYYZZ) could be used while resetting the password.
Although the breached password could be used while updating the password, the next login would be blocked.

Applies To

Breached Password
Password Reset

Solution

Unfortunately, this is an unsupported feature, and the expected behavior is that, as of now, the Breached Password feature does not extend to password resets.

To see this functionality considered in a future release, please submit a feature request using this form.

Topic		Replies	Views
Testing Breached Password Detection Feature Knowledge Articles breached-password	1	2101	September 16, 2022
Breached Password Functionality Knowledge Articles password-breach	1	559	January 3, 2024
About the specifications of the "Breached Password Detection" feature Help apis , breached-password , attack-protection , application	0	1295	January 30, 2023
Block compromised credentials on password reset / recovery flow Feedback password-breach	1	1066	June 7, 2023
Does "Block compromised credentials for new accounts" also block password changes? Help breached-password , attack-protection	4	1076	June 20, 2023

Is Breached Password Allowed During Password Reset

Overview

Applies To

Solution

Related Topics