Breached password checker
Did your password leak in a breach? Check via HIBP with k-anonymity.
Frequently asked questions
Does my password travel to HIBP's server?
No. We use k-anonymity: your browser computes the SHA-1 hash of your password, sends only the first 5 characters of that hash, and receives back the list of hashes starting with that prefix. The comparison against your full hash happens in your browser. HIBP cannot recover your password.
What does it mean to appear in X breaches?
The number indicates how many times that password has appeared in known leaked databases. Any number above zero means it is on "common password" lists that attackers try first. Change it wherever you use it.
If my password is not found, is it safe?
It means it is not in the public HIBP database (~850 million leaked passwords). That is a positive signal but not a guarantee: it could still be weak due to length or predictability. Also use the strength checker.