This is a Drupal 8 module that adds a Pwned Passwords plugin to the D8 Password Policy module.
Have I Been Pwned
The plugin uses the Have I Been Pwned Passwords API.
To protect privacy, the API uses the k-Anonymity model. A SHA-1 hash of the password is created, only the first 5 characters of the hash are sent to the API.
The API response is a list of matching SHA1 hashes representing exposed passwords known to the service. The plugin then checks if the full SHA-1 is in the list, without sending the full hash to the API.
Project information
- Module categories: Security
- Ecosystem: Password Policy
- 213 sites report using this module
- Created by kim.pepper on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
Drupal 11 compatibility fixes
Development version: 2.x-dev updated 25 Mar 2024 at 03:33 UTC
Adds Drupal 10 compatibility
Development version: 8.x-1.x-dev updated 4 Apr 2024 at 23:13 UTC