diff --git a/canaille/app/forms.py b/canaille/app/forms.py
index 054bc27f..9b1eee1b 100644
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@@ -88,25 +88,26 @@ def password_strength_calculator(password):
 
 
 def compromised_password_validator(form, field):
-    hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
-    hashed_password_prefix, hashed_password_suffix = (
-        hashed_password[:5].upper(),
-        hashed_password[5:].upper(),
-    )
+    if current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"]:
+        hashed_password = sha1(field.data.encode("utf-8")).hexdigest()
+        hashed_password_prefix, hashed_password_suffix = (
+            hashed_password[:5].upper(),
+            hashed_password[5:].upper(),
+        )
 
-    api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
+        api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
 
-    try:
-        response = requests.api.get(api_url, timeout=10)
-    except Exception:
-        check_if_send_mail_to_admins(form, api_url, hashed_password_suffix)
-        return None
+        try:
+            response = requests.api.get(api_url, timeout=10)
+        except Exception:
+            check_if_send_mail_to_admins(form, api_url, hashed_password_suffix)
+            return None
 
-    decoded_response = response.content.decode("utf8").split("\r\n")
+        decoded_response = response.content.decode("utf8").split("\r\n")
 
-    for each in decoded_response:
-        if hashed_password_suffix == each.split(":")[0]:
-            raise wtforms.ValidationError(_("This password is compromised."))
+        for each in decoded_response:
+            if hashed_password_suffix == each.split(":")[0]:
+                raise wtforms.ValidationError(_("This password appears on public compromission databases and is not secure."))
 
 
 def email_validator(form, field):
diff --git a/canaille/core/configuration.py b/canaille/core/configuration.py
index 1d9a9331..1feff413 100644
--- a/canaille/core/configuration.py
+++ b/canaille/core/configuration.py
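Review bot: The check still fails open on any non-2xx answer from api.pwnedpasswords.com: only a raised exception reaches the `except` branch, so a 429, a 503 or an HTML error page is decoded and scanned like a real range response, no suffix matches, and the password is accepted as clean; add `response.raise_for_status()` directly after the `requests.api.get(...)` call inside the `try` so those cases take the same admin-notification path as a connection failure. Note also that the `except Exception:` handler passes `hashed_password_suffix` to `check_if_send_mail_to_admins` while `api_url` already carries the prefix, so that notification contains the full SHA-1 of the password the user just typed, which gives away the k-anonymity the range API is used for; sending only the URL or a generic failure message would avoid that. Style-wise, wrapping the whole body in the new flag adds an indentation level to every line; a guard clause `if not current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"]: return None` at the top keeps the rest of the function at its previous indent. If the client side allows it, the range endpoint is documented to accept an `Add-Padding: true` request header that masks response size, which is worth considering here.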
@@ -320,3 +320,5 @@ class CoreSettings(BaseModel): corruption), it is necessary to provide an administration contact email. """ + + ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False \ No newline at end of file
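Review bot: The new `ENABLE_PASSWORD_COMPROMISSION_CHECK` field has no docstring, while the neighbouring setting visible in the context ends with one, so operators reading the configuration reference will not learn what the flag does or what it costs. Add a docstring under the field such as `"""Check submitted passwords against the haveibeenpwned.com range API. When enabled, the first five characters of the password's SHA-1 are sent to api.pwnedpasswords.com on every password validation; if the service cannot be reached, the admin contact is notified instead."""`. The hunk also ends with `\ No newline at end of file`, so the file loses its trailing newline; restore it. The key name uses "COMPROMISSION", a French form; since this is a public configuration key that will be hard to rename later, it is worth settling on the English "COMPROMISED" before release.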