Use HIBP API to warn about cracked/known passwords
https://haveibeenpwned.com/API/v2
The "Have I Been Pwned" API could be used to show users a warning if they set a password for an authentication plugin or if they save a password that has already been used.
Should be optional.