id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30100	Add a Validator that uses Troy Hunts Have I been pwned Database to validate passwords.	Logan	nobody	"Add an optional validator that would use the Hash API(https://haveibeenpwned.com/API/v2#PwnedPasswords) in Troy Hunt's Database of pwned passwords. To increase the unique password requirements. 

I have created an example validator that could be improved upon if interested (remove dependency of requests), https://gist.github.com/loganstartoni/213e1043314affb56eafc02885494f40.

I think this feature could increase awareness of the database as well as alerting users to the vulnerability of the common passwords that they are reusing. 

The Validator as written makes an API call to the haveibeenpwned api and checks the returned hashes against the user inputted password. If the password is pwned it then alerts the user to how many times the password has be pwned.  "	New feature	closed	contrib.auth	2.2	Normal	wontfix			Unreviewed	0	0	0	0	0	0