Resource icon

Password Tools 3.7.5

No permission to download


Well-known member
Xon updated Password Tools with a new update entry:

3.7.5 - Bugfix update

  • Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
  • Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
  • Rename various options to be better searchable
  • Adjust various option defaults to be more robust.
    • 'Minimum password length' from 8 => 10 characters
    • 'Minimum password strength' from 'very weak' to 'weak'
    • 'Pwned password...

Read the rest of this update entry...


Well-known member
I'm using this add-on now for one of my sites. And yes, I'm getting users who are contacting me when trying to reset their password, letting me know that the email on file for their account is no longer accessible. Does the system show them what that old email address is without them being logged in? Or is it only displaying it to the user when they're logged in?

If it's displaying it to them when they're not logged in, via the password recovery process for example, that would be a problem. What's to prevent anyone from trying to login to another person's user account, which would allow them to see what email address is on file for that account? That's typically the one piece of information I can use to have someone confirm before helping them regain access to their account. Hopefully that's not how the system works.


If after intalling this add-on I decide to desinstall it.
Will it be a mess or will it be a clean desinstall?

Will I have to perform any manual clean up?


Well-known member
Like any XF add-on the uninstall process should remove everything, and it is a bug to be fixed if it doesn't


Active member
Xon, here's a feature request - can you put in a checkbox where, when enabled, if someone's password has been changed in the last [x] number of days, their profile shows a banner or flag saying "RECENTLY UPDATED" or similar?