I was playing around in the Home Assistant CLI. When I use sec info, it returns pwned: true.
It looks to me like all add-on passwords are validated by Have I Been Pwned: Pwned Passwords, right?
Is there a way to find out what is responsible for that?
It looks like that is the default setting. If you check the help for ha sec options, you’ll find you can toggle it to false if you want.
Flags:
      --content-trust           Enable/Disable content-trust on the backend (default true)
      --force-security[=false]  Enable/Disable force-security on the backend
  -h, --help                    help for options
      --pwned                   Enable/Disable pwned check the backend (default true)
Yeah, I’m only here because I was (only slightly) worried when I saw the same message. It might be wise to change the option name to be a little less spooky.