Breached password protection

This feature protects your org from the impact of users signing in to Okta with breached credentials. Credentials are the username and password combination that signs the user in to Okta.

Okta receives lists of breached credentials from third parties and compares your users' credentials against these lists.

If a user's credentials appear in a list, Okta notifies you by recording the security.breached_credential.detected event in the System Log. By default, Okta expires the user's credentials and requires the user to reset their password the next time they attempt to sign in with their username and password. The user is blocked from signing in again with their credentials until they change their password.

Use the "Okta Workflows Template: Send notifications for a breached password event" workflow to notify users when their credentials are breached.

For AD-sourced users to reset their password after entering a breached password, you need to enable self-service password reset in your org.
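
As an added example (not Okta's code), the following Python reads exported System Log events and lists users whose security.breached_credential.detected event has not been followed by a password change. The sample events are constructed, and the example assumes that the affected user appears as a target of type User (falling back to the actor) and that user.account.update_password and user.account.reset_password mark the password change.

```python
import json

BREACH_EVENT = "security.breached_credential.detected"  # event name from the page
# Assumption: these System Log event types indicate the password was changed.
PASSWORD_CHANGED = {"user.account.update_password", "user.account.reset_password"}

# Constructed sample events; which field carries the affected user is an assumption.
SAMPLE_EVENTS = json.loads("""[
 {"published": "2024-05-01T08:00:00.000Z", "eventType": "user.account.update_password",
  "actor": {"type": "User", "alternateId": "carol@example.com"}},
 {"published": "2024-05-01T09:00:00.000Z", "eventType": "security.breached_credential.detected",
  "target": [{"type": "User", "alternateId": "alice@example.com"}]},
 {"published": "2024-05-01T09:30:00.000Z", "eventType": "user.account.reset_password",
  "actor": {"type": "User", "alternateId": "admin@example.com"},
  "target": [{"type": "User", "alternateId": "alice@example.com"}]},
 {"published": "2024-05-01T10:00:00.000Z", "eventType": "security.breached_credential.detected",
  "target": [{"type": "User", "alternateId": "bob@example.com"}]},
 {"published": "2024-05-01T11:00:00.000Z", "eventType": "security.breached_credential.detected",
  "target": [{"type": "User", "alternateId": "carol@example.com"}]}
]""")


def affected_user(event):
    """Return the login the event is about: first User target, else the actor."""
    for target in event.get("target") or []:
        if target.get("type") == "User":
            return target.get("alternateId")
    return (event.get("actor") or {}).get("alternateId")


def unremediated(events):
    """Map each user to the latest breach detection with no later password change."""
    pending = {}
    # Timestamps share one ISO 8601 UTC format, so string order is time order.
    for event in sorted(events, key=lambda e: e["published"]):
        user = affected_user(event)
        if user is None:
            continue
        if event["eventType"] == BREACH_EVENT:
            pending[user] = event["published"]
        elif event["eventType"] in PASSWORD_CHANGED:
            pending.pop(user, None)  # a change before any detection is a no-op
    return pending


if __name__ == "__main__":
    for user, when in unremediated(SAMPLE_EVENTS).items():
        print(f"{when}  {user}  breached credentials detected, no password change since")
```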

Related topics

System Log

Okta Workflows Template: Send notifications for a breached password event