Document haveibeenpwnd.com

admin_manual/configuration_user/user_password_policy.rst

@@ -1,16 +1,17 @@
-========================
-User password policy app
-========================
+====================
+User password policy
+====================
 
-A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. 
+A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
 
-You can configure 
+In the security-section of your administrator-settings you can configure 
 
 * a minimal length of a password. Default is 10 characters.
-* to forbid common passwords like 'california' or 'enterprise'.  
-* enforce upper and lower case characters
-* Enforce numeric characters
-* Enforce special characters like ! or :
+* to forbid common passwords like 'password' or 'login'. 
+* to enforce upper and lower case characters
+* to enforce numeric characters
+* to enforce special characters like ! or :
+* to check the password against the list of breached passwords from haveibeenpwnd.com (hashed check via haveibeenpwnd.com-API)
 
 .. figure:: ../images/user_password_policy_configuration_app.png