🔍 Have I Been Pwned?

Check if a password appears in known data breaches — without revealing it.

🛡️

Not Found in Breaches

This password has not appeared in any known data breaches in the Have I Been Pwned database.

⚠️

Password Compromised!

This password has been found times in known data breaches.

You should change this password immediately.

Generate a Secure Password

How K-Anonymity Works

Your password is never sent to any server. Here's the process:

  1. Your password is hashed with SHA-1 locally in your browser.
  2. Only the first 5 characters of the hash are sent to the Have I Been Pwned API.
  3. The API returns all hash suffixes matching that prefix (~500-800 results).
  4. Your browser checks locally if the full hash appears in the results.
  5. The API operator never sees your password or its full hash.

Learn more: HIBP k-Anonymity documentation