Implementing Password Leak Detection in Spring Boot 3.3 with HaveIBeenPwned
This article explains how Chrome's built‑in password leak alert works and demonstrates how to integrate the same compromised‑password checking into a Spring Boot 3.3 application using the HaveIBeenPwned API, complete with code examples and screenshots.
Chrome Browser Password Leak Check
Chrome includes a password leak detection feature that alerts users when their saved passwords have been exposed in data breaches.
Spring Boot 3.3 Password Leak Check
Demo
When a user enters a compromised password, the Spring Security login filter triggers a check and returns a warning.
The provided password is compromised, please change your password
Implementation
// Register Spring Security's built-in checker, which queries the HaveIBeenPwned API
@Bean
public CompromisedPasswordChecker compromisedPasswordChecker() {
    return new HaveIBeenPwnedRestApiPasswordChecker();
}
Uses the HaveIBeenPwned API (api.pwnedpasswords.com) to verify passwords.
pwnedpasswords Service
Checks whether a password appears in known breach databases by querying the service with the password hash.
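As an added example (not code from the original article or from Spring Security), the following shows the range lookup that api.pwnedpasswords.com exposes: the password is hashed with SHA-1, only the first five hex characters are sent to /range/{prefix}, and the returned suffix list is matched locally, so neither the password nor its full hash leaves the application. The class name, the in-memory map standing in for the HTTP call, and the response entries and counts are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

public class PwnedRangeCheckExample {

    // Constructed stand-in for GET https://api.pwnedpasswords.com/range/{prefix}.
    // A response body holds one "SUFFIX:COUNT" entry per line; counts here are made up.
    static final Map<String, String> FAKE_RANGE_API = Map.of(
            "5BAA6", String.join("\r\n",
                    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
                    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42",
                    "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1"));

    // Uppercase hex SHA-1 of the candidate password.
    static String sha1Hex(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().withUpperCase().formatHex(digest);
    }

    // Returns the listed breach count for the hash, or 0 if its suffix is absent.
    static int breachCount(String sha1Hex, String rangeResponse) {
        String suffix = sha1Hex.substring(5); // remaining 35 hex characters, kept local
        for (String line : rangeResponse.split("\\R")) {
            String[] parts = line.trim().split(":");
            if (parts.length == 2 && parts[0].equalsIgnoreCase(suffix)) {
                return Integer.parseInt(parts[1]);
            }
        }
        return 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        for (String candidate : new String[] {"password", "correct horse battery staple"}) {
            String hash = sha1Hex(candidate);
            String prefix = hash.substring(0, 5); // the only value that would be sent
            String body = FAKE_RANGE_API.getOrDefault(prefix, "");
            int count = breachCount(hash, body);
            System.out.printf("prefix=%s compromised=%b count=%d%n", prefix, count > 0, count);
        }
    }
}
```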
Java Architecture Diary
