A MyBB plugin that rejects compromised passwords during login attempts, protecting against credential stuffing attacks.

Submitted values are checked against a list of compromised passwords from the HIBP API using a partial hash. Recognized passwords produce an error message directing users to reset their password using e-mail.

The length of automatically generated passwords during password reset is set to 20.

• MyBB ≥ 1.8
• PHP ≥ 7.1