Thanks to @NamePros
for sponsoring this update.
- Update compromised password alert text to be less awkward
- On updating passwords, remove any compromised password alerts to avoid user confusion
- Add "Force email two factor authentication on compromised password" option (default disabled)
- Add "Pwned password minimum count (soft)" option.
This allows a user to change a password to a known compromised value which is under a given number of known hits. This still generates compromised password alerts