We're improving both account security and user experience by extending Breached Password Detection to the password reset flow.
Previously, users could unknowingly reset their passwords to compromised credentials, creating security risks and potentially requiring another reset.
With this update, you can now prevent users from setting their password to a known breached credential during the reset flow -just like during sign-up and login.
Additionally, with this rollout we have also increased coverage of Breached Password Detection on Sign-Up to cover the Management API!
Stronger security – Protects against compromised credentials at every stage.
Better user experience – Avoids unnecessary password resets by blocking breached passwords upfront.
This update helps prevent your users from using known compromised credentials throughout their password lifecycle, giving your users stronger security on their accounts.
For additional details and to learn how to enable Breach Password Detection on Password Reset Flows, please view our online documentation here.
Fetched April 14, 2026