Breached Password Functionality
This article describes the expected system outcomes and error messages associated with the Attack Protection feature, specifically Breached Password Detection.
- Attack Protection
- Breached Password Detection
Once Breached Password Detection is successfully configured, the following outcomes occur:
- If an attempt is made to create a user from the Dashboard with a breached password, the action fails and an error message is displayed:
  - Error! PasswordBreachedError: Password is part of a known breached credentials dataset
- If an attempt is made to create a user from the Management API with a breached password, the API returns the following error:
  { "statusCode": 400, "error": "Bad Request", "message": "PasswordBreachedError: Password is part of a known breached credential dataset" }
- If a user attempts to sign up from the Universal Login with a breached password, a warning is displayed and the account creation is prevented:
  - This combination of credentials was detected in a public data breach on another website. Before your account is created, please use a different password to keep it secure
- If a user attempts to change their password to a known breached password, the same error as user creation is displayed.
- If the Tenant Admin attempts to change a password to a known breached password, an error is displayed:
  - Error! PasswordBreachedError: Password is part of a known breached credentials dataset
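A service that creates users through the Management API can recognize the 400 response shown above and ask for a different password instead of reporting a generic failure. The following is an added example, not Auth0 code: the function names and returned action strings are hypothetical, and the second sample body is constructed.

```python
import json

# Error name as quoted on this page. The message tail differs between
# surfaces ("credential dataset" / "credentials dataset"), so only the
# name before the first colon is compared.
BREACHED_ERROR_NAME = "PasswordBreachedError"

# Response body quoted on this page.
PAGE_BODY = ('{ "statusCode": 400, "error": "Bad Request", "message": '
             '"PasswordBreachedError: Password is part of a known breached '
             'credential dataset" }')
# Constructed sample: a different 400 that must not be misclassified.
OTHER_BODY = ('{ "statusCode": 400, "error": "Bad Request", '
              '"message": "constructed: other validation failure" }')


def is_breached_password_rejection(status_code, body_text):
    """Return True only for the breached-password 400 response."""
    if status_code != 400:
        return False
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        return False  # missing or non-JSON body: some other failure
    if not isinstance(body, dict):
        return False
    message = body.get("message")
    if not isinstance(message, str):
        return False
    return message.split(":", 1)[0].strip() == BREACHED_ERROR_NAME


def handle_create_user_response(status_code, body_text):
    """Map a user-creation response to an action (hypothetical names)."""
    if 200 <= status_code < 300:
        return "created"
    if is_breached_password_rejection(status_code, body_text):
        # Prompt for a different password; never log or echo the rejected one.
        return "prompt_new_password"
    return "generic_failure"


if __name__ == "__main__":
    print(handle_create_user_response(400, PAGE_BODY))
    print(handle_create_user_response(400, OTHER_BODY))
```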