If you are using a known-compromised password found in the HaveIBeenPwned.com database, you will be prompted to change your password after login or any other time you provide GitHub your password. Additionally, you will not be able to create or update an account with a known-compromised password.