Check if your password has been exposed in a data breach — safely and privately.
Your password is hashed using SHA-1 entirely in your browser.
Only the first 5 characters of the hash are sent to the HaveIBeenPwned API.
The API returns all hash suffixes matching that prefix (~500–600 results).
Your browser checks locally if the full hash matches any result. Your password never leaves your device.
Powered by Troy Hunt's HaveIBeenPwned Passwords API. This service indexes over 700 million compromised passwords from real data breaches.