🛡️

Password Leak Check

Check if your password is in a data breach — without sending it

🔒 runs locally · no upload · only 1 anonymous leak check (k-anonymity)

Check whether a password has already appeared in known data breaches — using k-anonymity, so your password never leaves your browser.

🔒 k-anonymity: only the first 5 characters of the SHA-1 hash are sent to HIBP — never your password.

💡 Why this tool?

Leaked passwords are tried automatically by attackers. Checking whether a password is burned spots the risk before the damage.

Your benefits

  • k-anonymity: only 5 chars of the hash are sent, never the password
  • Checks against 800M+ leaked passwords
  • Instant, clear result with frequency

🔧 How it works

  1. 1Enter a password (stays local)
  2. 2Click "Check"
  3. 3Read the result — if found: change it everywhere

Frequently asked questions

Is my password transmitted?
No. It is hashed locally as SHA-1; only the first 5 characters of that hash are sent to the HIBP service (k-anonymity). Your password can't be reconstructed from those 5 characters.
What does the result mean?
"Found" means this exact password is in a known data breach and is unsafe. "Not found" only means it isn't in any known breach — it says nothing about its strength.
Why is a network call needed here?
The breach database (800M+ passwords) lives at Have I Been Pwned. The lookup uses the privacy-friendly range method — no own backend and without sending your password.
Should I enter my real password?
Thanks to k-anonymity it's safe. If you want to be maximally cautious, test a similarly-structured example password.