Web Tools
Password Breach Checker
Check if your password appeared in known data breaches using the Have I Been Pwned API
Server lookup — your data is not stored
Free
No ads
No account required
Enter Your Password
Your password is hashed locally before any data is sent.
How does this work?
Your password never leaves your browser. We use the k-anonymity model from Have I Been Pwned:
- Your password is SHA-1 hashed entirely in your browser
- Only the first 5 characters of the hash are sent to the API
- The API returns all hash suffixes matching that prefix
- Your browser checks locally if the full hash matches any result
Your full password and its complete hash are never transmitted over the network.