Checks Have I Been Pwned breach data without sending your full password.
Privacy first. Your password is hashed in this browser (SHA-1).
Only the first 5 characters of that hash go to Have I Been Pwned’s free range API.
The full password and full hash never leave your device.
Result
—
Hash the password in your browser
Send only a 5-character hash prefix (k-anonymity)
Compare suffixes locally — HIBP never sees the full hash