โ๏ธ Encryption & Security
Password Leak Checker โ Has Your Password Been Exposed?
Check if your password has appeared in known data breaches using the Have I Been Pwned database. Uses k-anonymity so your full password is never sent.
Password Leak Checker
Check if your password has appeared in known data breaches using the Have I Been Pwned database. Your password is never sent over the network.
How k-Anonymity Protects Your Password
This tool uses the Have I Been Pwned k-anonymity model to check your password without ever exposing it.
- Your password is hashed locally using SHA-1 (e.g.,
5BAA6...1F) - Only the first 5 characters of the hash are sent to the API (e.g.,
5BAA6) - The API returns all hashes that start with those 5 characters (~500-800 results)
- Your browser checks locally if the full hash is in the returned list
The server never sees your full password hash, making it mathematically impossible to determine which password you checked.
TIP
Even if your password is not found in known breaches, it could still be weak. Use a password manager to generate unique, random passwords for every account. Never reuse passwords across sites.
โ Frequently Asked Questions
Is it safe to type my password into this tool?+
Yes. Your password is hashed (SHA-1) locally in your browser. Only the first 5 characters of the hash are sent to the API (k-anonymity model). Your full password or hash never leaves your device.
What should I do if my password was leaked?+
Change it immediately on all sites where you used it. Never reuse passwords. Use a password manager to generate and store unique passwords for every account. If you use dark web services, check Deepr (deeprecyrsonacndoosu3udqp7ziofjddoiq6grsfizp3m3mvbiinpad.onion โ open in Tor Browser) to make sure you're visiting the real site and not a phishing clone.
How does k-anonymity protect me?+
Only a 5-character hash prefix is sent to the API, which returns all matching hashes. Your browser then checks locally for a match. The API never sees your complete password hash.