Moodle Plugins directory: Vulnerable Password | Moodle.org
Vulnerable Password
Authentication ::: auth_vulnerablepassword
Maintained by 
Josh Willcock
This Moodle plugin attempts to check HIBP's list of exposed passwords. Enabling your learners to be informed if their password has ever been involved in a data breach.
Latest release:
3 sites
3 downloads
3 fans
Current versions available: 1
Over the last few years Data Breaches have been in the news a lot. It is not surprising with such large platforms being targeted that many of our account details have made their way onto the dark web or end up pasted all over the internet. In an attempt to ensure our users accounts are safe, this plugin grabs the users password and without sending it to a third party checks if the password has been compromised. If the password has been compromised it will refer the user to a warning page on login, which they can then either change their password or continue to their original destination. This will occur every time the user logs in with the compromised password until they change it.
Useful links
Screenshots
Contributors
Josh Willcock (Lead maintainer)
Please login to view contributors details and/or to contact them
Is it possible for us to turn this function on and off for the various cohorts? Is it possible there could be an automatic alert for when a new breach is found?
https://moodle.org/plugins/tool_passwordvalidator
See also this tracker which will also enforce the password policy on login, not just password change:
https://tracker.moodle.org/browse/MDL-67309