Cyber Essentials Compliance - Password Deny List

Hello all,

First time here, so if there is etiquette I need to follow, please let me know.

The company I work for is going through Cyber Essentials Certification, and one of the Password policies is to block users from using bad or known breached passwords.

Now, Passbolt seems to know that a password is bad or that it has been exposed in a breach, but i can’t find, and this is where I’m hoping I can be pointed in the right direction, a way to provide Passbolt with a ‘deny / block list’ .

So that Passbolt will not even allow the user from attempting to save a bad or known breached password into the system, without a checkbox confirming that they understand it is at risk.

From a complexity side, it doesn’t seem to onerous, but to implement this, I’m not sure how one would do it.

Any advice or feedback would be greatly appreciated.