@Gargron I think the best you can do is to check when a user changes their password. Or maybe after X logins the password is checked against HIBP.
That's the only time you have the plaintext password.
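Added example, not part of the original post: a check that runs at the moment the server holds the plaintext (a password change), using the Pwned Passwords range format in which only the first five hex characters of the SHA-1 digest leave the server. The function names, the injected `fetch_range` callable, the fail-open choice on lookup errors and the fake range server with its corpus are assumptions constructed for illustration.

```python
import hashlib
from typing import Callable, Dict, List

# A fetcher takes a 5-character hex prefix and returns "SUFFIX:COUNT" lines.
RangeFetcher = Callable[[str], str]

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password: str, fetch_range: RangeFetcher) -> int:
    """Return how many times the password appears in the corpus (0 = absent)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the prefix is sent; the suffix is compared locally.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # Padded responses can carry count 0; treat that as absent.
            return int(count) if count.isdigit() else 0
    return 0

def accept_new_password(password: str, fetch_range: RangeFetcher) -> bool:
    """Call from the password-change handler, before hashing for storage."""
    try:
        return breach_count(password, fetch_range) == 0
    except OSError:
        # Assumption: fail open so a lookup outage does not block changes.
        return True

def make_fake_range_server(corpus: Dict[str, int], seen: List[str]) -> RangeFetcher:
    """Constructed stand-in for the range endpoint so the example runs offline."""
    table = {sha1_hex(p): n for p, n in corpus.items()}
    def fetch(prefix: str) -> str:
        seen.append(prefix)  # record what the "server" actually receives
        rows = [f"{h[5:]}:{n}" for h, n in table.items() if h.startswith(prefix)]
        return "\r\n".join(rows)
    return fetch

if __name__ == "__main__":
    seen: List[str] = []
    fake = make_fake_range_server({"password": 1000, "hunter2": 17}, seen)  # constructed
    for pw in ("password", "hunter2", "a long unbreached passphrase 91"):
        print(pw, "->", "accepted" if accept_new_password(pw, fake) else "rejected")
    print("prefixes sent:", seen)
```
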