Notes
- I plan to port this to XF2.
- I'm not interested in implementing password expiry rules as they are a pain from a user's perspective.
- Forced password resets maybe.
- I am interested in integration with pwned passwords support (optional).
- This allows securely checking a password has likely been compromised without sharing the password.
- See Validating Leaked Passwords with k-Anonymity for details. Warning; contains Maths.