18
votes
Check emails and password haveibeenpwned
Use the haveibeenpwned.com API to check the user emails and/or passwords have not been part of a breach.
Note: This will require setting up an intermediary API endpoint, since not possible to hide the HIBP key in the plugin.