Password Breach Checker
Scan your credentials safely. The checker uses a k-anonymity protocol, so your password is never transmitted.
What is k-Anonymity?
We use the Have I Been Pwned range API. When you scan a password, we hash it locally using SHA-1. We send only the first 5 characters of that hash (e.g. 21BD1) to the server. The server responds with the suffixes of all leaked hashes that start with those 5 characters. We then search that list locally on your computer for the remaining suffix of your hash. Your plain text password never leaves your browser.
What is the Password Breach Checker?
The Password Breach Checker scans past database leaks to check if your credentials have been compromised. It uses the k-anonymity protocol to query the Have I Been Pwned database: the service sees only a 5-character hash prefix, never your password.
How it Works
The password is hashed locally using SHA-1. Only the first 5 characters of the hash are sent to the API. The API returns matching suffixes, which are compared locally in your browser. Your password never leaves your device.
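The steps above as an added example, not this site's own code: hash locally, hand only the 5-character prefix to the lookup, and match the suffix on the client. It runs offline with Node's `crypto` module and a constructed range response in place of the HTTPS request; the function names, the `sampleFetchRange` stub and the counts are assumptions.

```javascript
// Added example, not the checker's own code.
const nodeCrypto = require('crypto');

// SHA-1 of the password as 40 uppercase hex characters, computed locally.
function sha1Hex(password) {
  return nodeCrypto.createHash('sha1').update(password, 'utf8')
    .digest('hex').toUpperCase();
}

// Only `prefix` (5 chars) may leave the machine; `suffix` (35 chars) stays local.
function splitHash(hashHex) {
  return { prefix: hashHex.slice(0, 5), suffix: hashHex.slice(5) };
}

// Range responses carry one "SUFFIX:COUNT" entry per line.
// Returns the breach count for our suffix, or 0 when it is absent.
function countInRange(body, suffix) {
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-F]{35}):(\d+)$/i.exec(line.trim());
    if (!m) continue; // skip blank or malformed lines
    if (m[1].toUpperCase() === suffix) return Number(m[2]);
  }
  return 0;
}

// fetchRange is a stand-in (assumption) for the HTTPS call to the range API.
function checkPassword(password, fetchRange) {
  const { prefix, suffix } = splitHash(sha1Hex(password));
  const body = fetchRange(prefix); // the only value handed to the network layer
  return { sent: prefix, count: countInRange(body, suffix) };
}

// Constructed sample response for prefix 5BAA6; counts are made up.
const SAMPLE_RANGES = {
  '5BAA6': [
    '0'.repeat(32) + 'AAA:3',
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42', // suffix of SHA-1("password")
    'F'.repeat(35) + ':1',
  ].join('\r\n'),
};
const sampleFetchRange = (prefix) => SAMPLE_RANGES[prefix] || '';

const result = checkPassword('password', sampleFetchRange);
console.log(`sent=${result.sent} breached=${result.count > 0} count=${result.count}`);
```

In a browser the hash would come from the Web Crypto API and `fetchRange` would be an asynchronous HTTPS request; the prefix/suffix split and the local comparison stay the same.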
Benefits of local checking
- Search without disclosing the password or its full hash.
- Client-side suffix matching.
- Helps protect accounts from credential stuffing by flagging passwords that already appear in breach data.
Security Information
Your password is never sent to the network. We query the HIBP range API with the 5-character prefix over HTTPS.
Best Practices
- Never use a password that has been found in a breach.
- Check your primary account credentials regularly.
- Ensure MFA is enabled on all accounts.