Q1. What is the problem that you are trying to solve?
Notification on compromised credentials.
Q2 - Who is impacted?
All users.
Q3 - Why is it important and/or urgent?
Should be self-explanatory. Notification of potentially compromised passwords is a feature that all major password managers that I am aware of offer.
Q5. Community support
People can vote for this idea to show traction:
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
I think the Have I Been Pwned DB integration for the moment checks the password at the creation time, but not during its life, right?
If so, there could be a possibility to keep using a compromised password because Passbolt wouldn’t send you a notification advising about the exfiltration.
I think this is what he is requesting, a way to know if an existing password is compromised or not, rather than the existing one at the creation of a resource