← BACK

PASSWORD CHECK

// powered by haveibeenpwned.com

Check if your password has appeared in a known data breach.

🔒 Your password never leaves your device. We convert it to a partial code locally, send only that code to the database, and check the result. Not even we can see what you typed.
// how this works
  1. 01 — Your password is hashed using SHA-1 in your browser
  2. 02 — Only the first 5 characters of that hash are sent to the API
  3. 03 — The API returns all hashes that start with those 5 characters
  4. 04 — Your browser checks if your full hash is in that list
  5. 05 — Your actual password never leaves your device