Pwned Passwords by ReFlar
A Flarum extension that checks passwords during registration against Have I Been Pwned's database of passwords seen in known data breaches.
Use Bazaar or install it with Composer:
composer require reflar/pwned-passwords
Then log in and enable the extension.
Some people may wonder whether this extension is secure to use, since it checks passwords against an API to see if they've been in known data breaches. This extension is secure. Your passwords remain anonymous, whether or not you use this extension. The plain-text password is never sent to the Pwned Passwords API. Instead, the password is hashed with SHA-1 and only the first 5 characters of that hash are sent; the API returns the hashes that match those 5 characters. The extension then does the comparison itself to see whether there is an exact match. Your password is therefore not sent anywhere and remains anonymous.
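The range check described above, as an added PHP example; it is not the extension's own code. The function names and the $fetchRange callable are hypothetical, and the stand-in response is constructed so the script runs offline. It follows the range API's response format, one "hash suffix:count" entry per line.

```php
<?php
// Added example, not code from the extension.
// Split the SHA-1 hash: only the 5-character prefix leaves the server.
function splitHash(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

// $fetchRange is a hypothetical callable standing in for the HTTP request.
// It receives the prefix and returns the response body.
function breachCount(string $password, callable $fetchRange): int
{
    [$prefix, $suffix] = splitHash($password);
    $body = $fetchRange($prefix);

    foreach (preg_split('/\r\n|\n/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // ignore malformed lines instead of failing the check
        }
        // The exact-match comparison happens locally, on the suffix.
        if (hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// Constructed stand-in for the API: filler entries and counts are made up,
// and the entry for "password" is added so one candidate matches.
$sent = [];
$fakeApi = function (string $prefix) use (&$sent): string {
    $sent[] = $prefix;
    [$knownPrefix, $knownSuffix] = splitHash('password');
    $lines = [str_repeat('0', 35) . ':3', str_repeat('F', 35) . ':1'];
    if ($prefix === $knownPrefix) {
        $lines[] = $knownSuffix . ':42';
    }
    return implode("\r\n", $lines);
};

foreach (['password', 'correct horse battery staple'] as $candidate) {
    $n = breachCount($candidate, $fakeApi);
    echo $candidate, ': ', $n > 0 ? "seen in breaches ($n)" : 'no match', PHP_EOL;
}
// Everything the remote side ever received:
echo 'Sent to API: ', implode(', ', $sent), PHP_EOL;
```

The last line of output lists everything the remote side received: one 5-character prefix per password checked.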