Feature
Compromised password protection
To protect accounts from being accessed using compromised passwords, we've integrated haveibeenpwned.com into all of our authentication systems, allowing us to verify that known compromised passwords can't be used to access Buildkite data 🚷
The integration with haveibeenpwned.com uses a technique called k-anonymity hashes, which hashes the password and sends only the first few characters, ensuring there's little risk of disclosing information about your password.