Has this password been leaked?

Checks Have I Been Pwned breach data without sending your full password.

Privacy first. Your password is hashed in this browser (SHA-1). Only the first 5 characters of that hash go to Have I Been Pwned’s free range API. The full password and full hash never leave your device.
  1. Hash the password in your browser
  2. Send only a 5-character hash prefix (k-anonymity)
  3. Compare suffixes locally — HIBP never sees the full hash

Also try crack-time estimator · password generator

Ad space