Skip to main content
Home

This is a Drupal 8 module that adds a Pwned Passwords plugin to the D8 Password Policy module.

Have I Been Pwned

The plugin uses the Have I Been Pwned Passwords API.

To protect privacy, the API uses the k-Anonymity model. A SHA-1 hash of the password is created, only the first 5 characters of the hash are sent to the API.

https://www.drupal.org/project/password_policy_pwned

© Shivakumar Ramamurthy