Password leak check

Check if your password has appeared in known data breaches. Powered by Have I Been Pwned. Your password is never sent — only a hash prefix is used.

Privacy

Your password is never sent anywhere. It is hashed with SHA-1 in your browser; only the first 5 characters of the hash are used to query Have I Been Pwned. This is the k-anonymity method used by 1Password, Firefox, and others.

Password to check

About this check

Uses the Have I Been Pwned (haveibeenpwned.com) Pwned Passwords API
Checks against 600+ million passwords from known data breaches
k-Anonymity: only a hash prefix is sent; your password never leaves your device