This plugin sends the first 5 characters of the SHA1 hash of the password to the haveibeenpwned.com database of over 500 million passwords exposed in data breaches. If the password is found, Matomo rejects it and asks the user to use a more secure password.
This plugin only acts on passwords changes and can't access existing passwords as they are stored securely hashed by Matomo.
Attention: This is a beta plugin. Please don't use it in security critical environments without checking the correctness of the source yourself.