Gigantic Frog I've implemented that in a past life, it forced all users through a password change flow on login if the password was a hit on Pwned Passwords (implemented as a Bloom filter for performance, designed to have an acceptably low FP rate).