Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This is a Drupal 8 module that adds a Pwned Passwords plugin to the D8 Password Policy module.
Have I Been Pwned
The plugin uses the Have I Been Pwned Passwords API.
To protect privacy, the API uses the k-Anonymity model. A SHA-1 hash of the password is created, only the first 5 characters of the hash are sent to the API.
The API response is a list of matching SHA1 hashes representing exposed passwords known to the service. The plugin then checks if the full SHA-1 is in the list, without sending the full hash to the API.
Supporting organizations:
maintained
Project information
- Module categories: Security
- Ecosystem: Password Policy
213 sites report using this module- Created by kim.pepper on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
2.0.1
released 8 April 2024
released 8 April 2024
Works with Drupal: ^10.1 || ^11
✓ Recommended by the project’s maintainer.
Drupal 11 compatibility fixes
Install:
Development version: 2.x-dev updated 25 Mar 2024 at 03:33 UTC
8.x-1.0
released 24 October 2022
released 24 October 2022
Works with Drupal: ^8 || ^9 || ^10
✓ Recommended by the project’s maintainer.
Adds Drupal 10 compatibility
Install:
Development version: 8.x-1.x-dev updated 4 Apr 2024 at 23:13 UTC
