Breached Auth0 Password Detection Behavior with Different Configurations
This article explains the behavior of Breached Password Detection, including email notifications and login blocking, based on various configuration settings when a user's password is detected as "password_leaked".
- Breached Password Detection
- Credential Guard
- Block compromised credential use upon login
- Send notifications to users with compromised credentials
Different combinations of breached password detection settings lead to varied user experiences regarding email notifications and login access when a compromised credential is used.
This section describes the behavior when specific Breached Password Detection settings are enabled:
- If only "Block compromised credential use upon login" is enabled: Users do not receive email notifications to reset their password. Their login attempts are blocked until a password that has not been compromised is used. After resetting the password through the "Forgot Password" flow, the login functions correctly.
- If only "Send notifications to users with compromised credentials" is enabled: Users receive an email notification asking them to reset their password because it was found in a breach. This setting does not block the login flow, so they can still log in to the application. The notification is triggered only by login attempts; in other words, if a user sets a breached password when signing up or resetting their password, no notification is sent, even with this setting enabled.
- If both "Block compromised credential use upon login" and "Send notifications to users with compromised credentials" are enabled: Users are blocked from logging in and simultaneously receive an email notification to reset their password due to it being found in a breach.
NOTE: Tenant logs and emails are throttled to one per hour per user when Breached Password Detection is in use. This throttling prevents users from being notified every time they log in with a breached password and limits the creation of tenant logs for every such login attempt.
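The combined effect of the three configurations above and the one-per-hour throttle is easiest to check against a timeline. The following is an added model of the documented behavior (not Auth0 code and not an Auth0 API); it replays a constructed sequence of attempts for one user and returns the expected block, email and log outcome for each, which can serve as the expected-result column of a configuration test plan. It assumes that blocking is evaluated on every attempt while only logs and emails are throttled, and that signup/reset with a breached password produces no log.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# The article states: tenant logs and emails are throttled to one per hour per user.
THROTTLE = timedelta(hours=1)

@dataclass
class Settings:
    block_on_login: bool   # "Block compromised credential use upon login"
    notify_user: bool      # "Send notifications to users with compromised credentials"

@dataclass
class Outcome:
    login_allowed: bool
    email_sent: bool
    log_written: bool

@dataclass
class Simulator:
    settings: Settings
    last_event: dict = field(default_factory=dict)  # user -> time of last log/email

    def attempt(self, when: datetime, user: str, action: str, leaked: bool) -> Outcome:
        """Expected result of one attempt; action is 'login', 'signup' or 'reset'."""
        if not leaked:
            return Outcome(login_allowed=True, email_sent=False, log_written=False)
        if action != "login":
            # Breached password at signup/reset: no email even with notifications on
            # (per the article). No block and no log is an assumption of this model.
            return Outcome(login_allowed=True, email_sent=False, log_written=False)
        # Blocking applies to every login attempt and is not throttled.
        allowed = not self.settings.block_on_login
        # Logs and emails share the one-per-hour-per-user window.
        last = self.last_event.get(user)
        throttled = last is not None and when - last < THROTTLE
        if throttled:
            return Outcome(login_allowed=allowed, email_sent=False, log_written=False)
        self.last_event[user] = when
        return Outcome(login_allowed=allowed, email_sent=self.settings.notify_user, log_written=True)

def run_scenario(settings: Settings) -> list:
    """Replay a constructed sequence of attempts for one user (sample data, not real logs)."""
    t0 = datetime(2024, 1, 1, 9, 0)
    events = [
        (t0, "alice", "login", True),                                   # breached login
        (t0 + timedelta(minutes=10), "alice", "login", True),           # retry inside the window
        (t0 + timedelta(hours=2), "alice", "reset", True),              # reset to another breached password
        (t0 + timedelta(hours=2, minutes=5), "alice", "login", True),   # new one-hour window
        (t0 + timedelta(hours=3), "alice", "login", False),             # finally a clean password
    ]
    sim = Simulator(settings)
    return [sim.attempt(*e) for e in events]
```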
For more information, refer to Breached Password Detection.