Password Security Breach Checker

Each year, hundreds of millions of usernames and passwords get exposed in data leaks and make their way to the online black market. These stolen credentials can then be used by hackers to hijack people’s accounts. In a worst-case scenario, this can lead to identity theft, illegal fund transfers and other crimes.

Many cyber security regulations require companies to inform their customers when passwords have been compromised. The good news is that Auth0 can automatically warn users of a breach and provide them with the information they need to change their passwords.

Password Security Breach Checker: Detect Vulnerabilities

The password security breach checker is a new feature that uses secure multi-party computation to preserve end-user privacy while checking for leaked or breached passwords. The feature is available as part of our reCAPTCHA plugin and in the Auth0 risk assessment API.

You can activate the feature in the dashboard under Settings > Security > Attack Protection. Select Breached Password Detection Method and choose the option to check for breached passwords during signup or login. You can also choose to block the use of compromised credentials for new accounts if you prefer.

To test the feature, create a new user in the admin panel and assign a test breached password (Paaf213XXYYZZ or Paat739!!WWXXYYZZ). Try to register with this password at your site and verify that Auth0 blocks the signup or login. You can see the logs for this type of event in Dashboard > Logs.

If you want to try a different detection method, you can disable the current one and choose another from the drop-down menu.
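
One way to review these log events outside the dashboard, as an added example that is not part of the original page or Auth0's own code. It assumes the tenant logs were exported as one JSON object per line and that breached-password detections carry the Auth0 event codes `pwd_leak` (login) and `signup_pwd_leak` (signup); the sample events, the `triage` function and its `min_accounts` threshold are constructed for illustration.

```python
import json
from collections import defaultdict

# Auth0 log event codes for breached-password detections (login, signup).
BREACH_TYPES = {"pwd_leak", "signup_pwd_leak"}

# Constructed sample export, one JSON event per line; the last line is truncated.
SAMPLE_LOGS = """\
{"date":"2024-05-01T10:00:01Z","type":"s","ip":"198.51.100.7","user_name":"alice@example.com"}
{"date":"2024-05-01T10:00:05Z","type":"pwd_leak","ip":"203.0.113.9","user_name":"bob@example.com"}
{"date":"2024-05-01T10:00:09Z","type":"pwd_leak","ip":"203.0.113.9","user_name":"carol@example.com"}
{"date":"2024-05-01T10:01:30Z","type":"signup_pwd_leak","ip":"192.0.2.44","user_name":"dave@example.com"}
{"date":"2024-05-01T10:02:00Z","type":"pwd_leak","ip":"203.0.113.9","user_name":"bob@example.com"}
{"date":"2024-05-01T10:03
"""


def breach_events(lines):
    """Yield parsed events whose type marks a breached-password detection."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines in the export
        if isinstance(event, dict) and event.get("type") in BREACH_TYPES:
            yield event


def triage(lines, min_accounts=2):
    """Count detections per account and flag IPs that hit several accounts."""
    by_user = defaultdict(int)
    users_by_ip = defaultdict(set)
    for ev in breach_events(lines):
        user = ev.get("user_name", "<unknown>")
        by_user[user] += 1
        users_by_ip[ev.get("ip", "<unknown>")].add(user)
    flagged = {ip: sorted(users) for ip, users in users_by_ip.items()
               if len(users) >= min_accounts}
    return dict(by_user), flagged


if __name__ == "__main__":
    users, ips = triage(SAMPLE_LOGS.splitlines())
    print("accounts to notify:", users)
    print("IPs presenting leaked passwords for several accounts:", ips)
```

The per-account counts give the list of users who need a password change notice, while an IP that appears against several accounts is a candidate for closer review.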