Have I Been Pwned

Check whether your password has appeared in known data breaches.

This tool uses k-anonymity: only the first 5 characters of your password's SHA-1 hash are sent to the Have I Been Pwned API, never the password itself. The password is transmitted to our server over HTTPS.

Password Breach Check — Have I Been Pwned

This tool checks whether your password has appeared in known data breach databases, using the Have I Been Pwned API. The database contains billions of compromised passwords from real-world breaches.

How k-anonymity works

To protect your privacy, k-anonymity is used: the SHA-1 hash of your password is computed, and only the first 5 of its 40 characters are sent to the API. The response contains all hashes with that same prefix. The check for whether your specific password is among them happens locally on our server; the full hash never leaves the server.
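
The range query described above, as an added example that is not this tool's code or the Have I Been Pwned project's own. StubRangeApi, the sample passwords and the counts are constructed stand-ins so the example runs offline; the SUFFIX:COUNT line format is that of the public range API.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the 40-character SHA-1 digest that are sent


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(suffix, range_body):
    """Find our suffix in a range response made of SUFFIX:COUNT lines."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # blank or malformed line
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach data


def check_password(password, fetch_range):
    """fetch_range(prefix) -> response body; it only ever sees the prefix."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix))


class StubRangeApi:
    """Constructed stand-in for the API: serves canned data, logs requests."""

    def __init__(self, breached):
        self.requests = []
        self.buckets = {}
        for password, count in breached.items():
            prefix, suffix = split_hash(password)
            self.buckets.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.requests.append(prefix)
        # One constructed decoy suffix is served in every bucket.
        decoy = hashlib.sha1(b"constructed-decoy").hexdigest().upper()[PREFIX_LEN:]
        return "\r\n".join([f"{decoy}:3"] + self.buckets.get(prefix, []))


if __name__ == "__main__":
    api = StubRangeApi({"password123": 1500})  # constructed count
    print(check_password("password123", api), check_password("x9!Lq#unseen", api))
    print("sent to API:", api.requests)  # 5-character prefixes only
```

The api.requests log shows what the remote side learns: two 5-character prefixes, each shared by many unrelated hashes.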

What to do if your password is found

This tool uses the public API of haveibeenpwned.com by Troy Hunt.