Password Breach Checker — Free Security Tool
Check if your password has been exposed in data breaches using Have I Been Pwned. Your password never leaves your browser.
How It Works
Type your password and click check. The tool hashes it locally using SHA-1 via the Web Crypto API, sends only the first 5 characters of the hash to Have I Been Pwned's API, and checks the response locally. If found, it tells you how many breaches included that password.
Frequently Asked Questions
Yes. Your full password never leaves your browser. Only the first 5 characters of the SHA-1 hash are sent to the API, making it mathematically impossible to reverse-engineer your password.
Your password is hashed with SHA-1 locally. Only the first 5 hash characters are sent to the API, which returns all matching suffixes. Your browser then checks locally if any match — the server never sees your full hash.