1) This enables checking passwords against the [Have-I-Been-Pwned](https://haveibeenpwned.com/Passwords) database. Passwords are only checked on registration and when changed on the profile.
2)
3) Additionally this can attempt to check the password from the browser using the same API
4)