ConvertPro

Password Leak Checker

Check if your password has been exposed in known data breaches. Your full password never leaves this device β€” we use k-anonymity via the Have I Been Pwned API.

How your privacy is protected

k-Anonymity

Only the first 5 characters of your password's SHA-1 hash are sent to the HIBP API. Thousands of other hashes share the same prefix, making it impossible to identify your original password. Your full password never leaves this device.

SHA-1 on Device

The SHA-1 hash is computed locally in your browser using the Web Crypto API (crypto.subtle.digest). No data is transmitted before hashing.

HIBP Database

The Have I Been Pwned API aggregates billions of breached credentials from publicly disclosed data breaches. It is maintained by security researcher Troy Hunt and is a trusted industry standard.

This tool performs a k-anonymous search against the Have I Been Pwned API (v3). No passwords, full hashes, or personal data are ever transmitted to any server. All processing occurs entirely in your browser. The HIBP service is provided free of charge by Troy Hunt.Learn more about the API β†’