|
|
|
|
|
|
by josephwegner
2489 days ago
|
|
|
Heroku did this about a year ago. They have a list of known pwned passwords (probably haveibeenpwned, but honestly I'm not sure), and disallow accounts to use those passwords. When that change was implemented, any account using a pwned password had that password expired. https://status.heroku.com/incidents/1625 (source: I work for Heroku Support) |
|
|