Add information about short hashes setting authored by Marius David Wieschollek
......@@ -158,6 +158,21 @@ Send emails when a password was shared with an user.
## Default Password Security Settings
These settings can be overwritten by the user.
#### Security Check Hash
This setting defines which percentage of the SHA-1 hash used to compare each password against a list of known bad passwords should be stored.
If your server is compromised, an attacker could use the SHA-1 hash to find the plain text value of a compromised password.
Storing a partial hash can reduce this risk, but also means that passwords may be marked as compromised despite being secure.
Storing no hash will prevent the password security check and the duplicate check from working.
Changes in this setting will be applied to new passwords immediately.
If a shorter value is selected, the hashes of existing passwords will be updated with the next password security check.
If a longer value is selected, the existing hashes will *not* be updated and remain short.
Changing this setting will have no impact on the status of passwords which were already marked as compromised.
## Backup Settings
Passwords makes regular backups of the raw password database.
These backups can be used to restore the entire database or the database of a specific user.
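Review bot: the "Security Check Hash" paragraph states that storing a partial hash may mark secure passwords as compromised, but it does not say the same for the duplicate check, which the paragraph says also depends on this hash; since a shorter stored hash means more passwords share the same stored value, the duplicate check can report false duplicates too, and a sentence such as "A shorter hash also makes the duplicate check less precise" would close that gap. Two smaller points in the same hunk: "which percentage of the SHA-1 hash ... should be stored" would be easier to follow if it named the available choices (or at least said the value is a percentage of the hash length rather than a number of characters), and "If a longer value is selected, the existing hashes will *not* be updated" leaves the reader without a way forward, so either state that there is none or point to the step that would regenerate them.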