Admin tools: Password Validator
A tool for enforcing various security standards and guidelines for passwords for Moodle. This plugin aims for compliance with
the Australian Information Security Manual (currently May 2019), and above that, the NIST standards from the document 800-63B. Many of the controls are optional and user configurable, with the most safe values set by default, but allow for great customization for any configuration, while enforcing safe, sensible guidelines for passwords.
Enabling this control checks the hash of the password against the HaveIBeenPwned breached passwords API, and disallows passwords that have been found in any of the catalogued breaches. The API only receives a partial hash so even if haveibeenpwned was compromised your good password hashes haven't been leaked.
For Support or Issues, please visit the GitHub repository at: