5.3.0
2018-06-11 Feature1 Tweak3 Fix3Features
- Integration with Have I Been Pwned to prevent users from using passwords found in data breaches.
Tweaks
- Introduce Password Requirements module for managing and enforcing password requirements.
- Continually evaluate password strength for users instead of only during registration.
- Add basic admin debug page to help diagnosing and resolving issues. Particularly with the events.
Fixes
- Password strength would not be evaluated if password was set using custom PHP or CLI commands.
- Only hide "Acknowledge Weak Password" checkbox if the user was not allowed to use a weak password.
- Ensure Grade Report instructions in the Security Digest is accurate when the Grade score is capped.