From ff7a0874a7a64aa3c2d7bbc4949d52aaa7705996 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20Bl=C3=BCm?= <marius@lineone.io>
Date: Mon, 9 Apr 2018 10:25:51 +0200
Subject: [PATCH] Document haveibeenpwnd.com

---
 .../user_password_policy.rst                  | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/admin_manual/configuration_user/user_password_policy.rst b/admin_manual/configuration_user/user_password_policy.rst
index ef4e64b16..aec58ad7d 100644
--- a/admin_manual/configuration_user/user_password_policy.rst
+++ b/admin_manual/configuration_user/user_password_policy.rst
@@ -1,16 +1,17 @@
-========================
-User password policy app
-========================
+====================
+User password policy
+====================
 
-A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. 
+A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
 
-You can configure 
+In the security-section of your administrator-settings you can configure 
 
 * a minimal length of a password. Default is 10 characters.
-* to forbid common passwords like 'california' or 'enterprise'.  
-* enforce upper and lower case characters
-* Enforce numeric characters
-* Enforce special characters like ! or :
+* to forbid common passwords like 'password' or 'login'. 
+* to enforce upper and lower case characters
+* to enforce numeric characters
+* to enforce special characters like ! or :
+* to check the password against the list of breached passwords from haveibeenpwnd.com (hashed check via haveibeenpwnd.com-API)
 
 .. figure:: ../images/user_password_policy_configuration_app.png