This article explains the scope of the Breached Password Detection (BPD) feature and clarifies which user types are protected by this security measure within a tenant.

• Breached Password Detection (BPD)
• Database Connection
• Tenant Administrators

Breached Password Detection applies to specific user sets based on the connection type and the application being accessed:

1. BPD covers all users stored in a Database Connection within the tenant.

2. This coverage includes customers (end users) and any administrative users created for internal applications.

3. BPD does not apply to Tenant Administrators signing in to the Auth0 Dashboard via manage.auth0.com using a username and password.

4. Dashboard access for Tenant Administrators is managed by an internal authentication system that utilizes separate built-in security protections to safeguard the platform.

Related References

• Breached Password Detection