private async Task <IdentityResult> ValidatePasswordHasNotBeenPwned(string password)
{
const int considerPwned = 1000;
var pwnChecker = new PasswordChecker();
var pwnedCount = await pwnChecker.GetBreachCountAsync(password);
return((pwnedCount >= considerPwned)
? new IdentityResult($"Cannot use password that have been pwned more than {considerPwned} times.")
: IdentityResult.Success);
}