If I were operating a SaaS platform or any other online service, I'd be inclined to automatically reset passwords for users whose credentials have been compromised in a data breach. Has anyone here developed an automated system to handle this? I'm particularly curious about how one would automate the gathering of leaked databases and cross-reference user passwords against these lists, both at the point of signup and periodically thereafter. Seems like a compelling problem to solve.
brap|2 years ago