also to tack on, yes passwords would be huge but also perhaps Processes as well? Not sure how that would work but thought I would throw that in too. I will be happy if we only get passwords though as I find myself wanting to flag a password for incorrect more often than a KB article

that and a default added flag for passwords found in breaches so we're aware for new pickups (I'm not aware of any thing that would tigger this without seeing it currently)