We're improving both account security and user experience by extending Breached Password Detection to the password reset flow.
Previously, users could unknowingly reset their passwords to compromised credentials, creating security risks and potentially requiring another reset.
With this update, you can now prevent users from setting their password to a known breached credential during the reset flow -just like during sign-up and login.
Additionally, with this rollout we have also increased coverage of Breached Password Detection on Sign-Up to cover the Management API!
Stronger security – Protects against compromised credentials at every stage.
Better user experience – Avoids unnecessary password resets by blocking breached passwords upfront.
This update helps prevent your users from using known compromised credentials throughout their password lifecycle, giving your users stronger security on their accounts.
For additional details and to learn how to enable Breach Password Detection on Password Reset Flows, please view our online documentation here.
Fetched April 15, 2026
To strengthen defenses across the identity surface, we have added millions of breached phone credentials to our detection capabilities with…
To strengthen defenses across the identity surface, we have added millions of breached phone credentials to our detection capabilities with…
You can now manually require users to reset their passwords using the reset password session task. This ensures users are prompted to choos…