mirror of
https://github.com/gitlabhq/gitlabhq.git
synced 2025-07-25 17:08:32 +00:00
1.3 KiB
1.3 KiB
stage, group, info, title
| stage | group | info | title |
|---|---|---|---|
| Software Supply Chain Security | Authentication | To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments | Compromised password detection |
{{< details >}}
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com
{{< /details >}}
{{< history >}}
- Introduced in GitLab 18.0 with a flag named
notify_compromised_passwords. Disabled by default. - Enabled on GitLab.com in GitLab 18.1. Feature flag
notify_compromised_passwordsremoved.
{{< /history >}}
GitLab can notify you if your GitLab.com credentials are compromised as part of a data breach on another service or platform. GitLab credentials are encrypted and GitLab itself does not have direct access to them.
When a compromised credential is detected, GitLab displays a security banner and sends an email alert that includes instructions on how to change your password and strengthen your account security.
Compromised password detection is unavailable when authenticating with an external provider, or if your account is already locked.