Leaked Password Notifications
Cloudflare automatically checks if your password has been compromised when you log in to the Cloudflare dashboard ↗. Every time you log in to your account, we will securely verify through threat intelligence sources to confirm if your password has been leaked in a past data breach.
Refer to the blog post ↗ for more information on how Cloudflare checks for leaked credentials.
If your password is found in a data breach, we will email you information on how to reset your password and prompt you to do so in the Cloudflare dashboard.
Your first three login attempts will warn you of the need to reset your password. After three attempts, you will be required to reset your password to log in to Cloudflare.
Users leveraging Single Sign-On (SSO) or two-factor authentication (2FA) will not be subject to these requirements given the higher level of security provided by those features.
We encourage you to enable two-factor authentication to secure your account.
Cloudflare account Super Administrators can also require that all members enable 2FA. This functionality can be enabled by going to Manage Account > Members in the Cloudflare dashboard.