Password security
Password Breach Checker
Check if your password has appeared in known data breaches using k-anonymity.
How your privacy is protected:
- Only the first 5 characters of the SHA-1 hash are sent to the API
- The full password never leaves your browser
- Matching is done locally on your device
Result
Enter a password to check if it has appeared in known data breaches.
How it works
This tool uses the k-anonymity model to check if your password has been exposed in known data breaches without revealing your actual password to any server.
- Your password is hashed locally using SHA-1
- Only the first 5 characters of the hash are sent to the API
- The API returns all matching hash suffixes
- Your browser checks locally if your hash matches
Quick examples
Try the sample button to test with a common password.
Mini FAQ
Is my password sent to a server?
No. Only the first 5 characters of the SHA-1 hash are sent. Your password never leaves your browser.
What is k-anonymity?
A privacy model that ensures you cannot be identified from the data sent. The API returns many hash suffixes, not just yours.
What if my password is found?
Change it immediately on all sites where you use it. Use a unique, strong password for each account.
Is "not found" a guarantee?
No. It only means the password is not in the known breach database. Always use strong, unique passwords.