Check if members have appeared in data breaches and/or whether they are using passwords that have appeared in a data breach
This module checks for passwords and (optionally) account email addresses that have appeared in data breaches and either disallows the password or warns the account holder of a pwned password.
For more information on how the Pwned Password API works, including how compromised password hashes are sent to the API, please read: https://haveibeenpwned.com/API/v3#PwnedPasswords
This module is under active development and should not be considered production-ready just yet
We welcome testing and feedback via the Github issue tracker
This module uses MFlor/pwned to interface with the Password and Breach API.
In addition to password checking it can optionally check for breaches linked to a supplied email address, which requires an API key to be purchased from haveibeenpwned
From a Silverstripe perspective, the module:
The module comes with a default configuration that should get you up and running.
Read the configuration documentation for configuration instructions
Read the email documentation for information about email and templates
We welcome bug reports, pull requests and feature requests on the Github Issue tracker for this project.
Please review the code of conduct prior to opening a new issue.
If you would like to make contributions to the module please ensure you raise a pull request and discuss with the module maintainers.
Please review the code of conduct prior to completing a pull request.
Module rating system helping users find modules that are well supported. For more on how the rating system works visit Module standards
Score not correct? Let us know there is a problem