HaveIBeenPwned.com is project gatehring informations about password breaches, and collecting compromised passwords. It means, if your password (not necessarily password of your account) was somewhere published by hackers, who hacked some passwords database, it will be listed there. And if so, the password is propably not secure anymore.
n3t HaveIBeenPwned checks users passwords during login process, and during registration, or whenever user changes his password. If compromised password is detected, warning is displayed to user or, optionally, user cannot use such password.
Note that communication with HaveIBeenPwned.com API is absolutely anonymous, no passwords are sent through the API, only small parts of hash of password is being used.
This is alternative to force users to use at least 12 characters long password, with capital, lowercase letter, number and special chcracter. If user tries to use compromised password, he is inotified (or blocked).