Password Leak Checker

This page checks your password against https://haveibeenpwned.com's APIs to see if it has been leaked. I encourage you to view this page's source (secondary click (right click) -> View page source) to verify that this page isn't doing anything weird with your password.

The way this works is simple:

  1. Gather password from input
  2. Hash password with SHA-1 to get a hex string
  3. Take the first 5 characters of that hex string and send it to https://api.pwnedpasswords.com/range/{first 5 hash chars}
  4. That request sends back a list of all hashes that begin with the first 5 characters you sent
  5. Check client side if your hash is in the list

Because of this, your full hashed password isn't sent anywhere. The first 5 characters aren't enough to figure out what your password is. Even if someone were able to get the list of hashes returned for your first 5 characters, they wouldn't know whether your full hash was in the list.
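Steps 2 to 5 as an added example (not this page's own source), written for Node so it runs offline; in the browser the SHA-1 step would use `crypto.subtle.digest` instead. It assumes the range response lists one `SUFFIX:COUNT` entry per line, where the suffix is the hash with its first 5 characters removed. The names `splitHash`, `countInRange`, `checkPassword` and `constructedRange` are hypothetical, and the response body is constructed rather than real API data.

```javascript
const { createHash } = require('node:crypto');

// Steps 2-3: SHA-1 the password and split the hex digest into the 5-character
// prefix that is sent and the 35-character remainder that stays on the client.
function splitHash(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Steps 4-5: each response line is "<35 hex chars>:<count>". Return how many
// times our suffix was seen, or 0 when it is not listed.
function countInRange(body, suffix) {
  for (const line of body.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return Number.parseInt(count, 10) || 0; // missing or zero count: not found
    }
  }
  return 0;
}

// lookupRange(prefix) stands in for the request to
// https://api.pwnedpasswords.com/range/{prefix}; it only ever receives the prefix.
function checkPassword(password, lookupRange) {
  const { prefix, suffix } = splitHash(password);
  return { sent: prefix, count: countInRange(lookupRange(prefix), suffix) };
}

// Constructed response body (not real API data): two decoys, one zero-count
// entry, and the suffix for "password" with a made-up count of 42.
function constructedRange(_prefix) {
  return [
    'A'.repeat(35) + ':3',
    '0123456789ABCDEF0123456789ABCDEF012:17',
    splitHash('not-in-the-list').suffix + ':0',
    splitHash('password').suffix + ':42',
  ].join('\r\n');
}

const leaked = checkPassword('password', constructedRange);
const clean = checkPassword('example-unlisted-passphrase', constructedRange);
console.log(leaked, clean);
```

The `sent` field shows everything that would leave the client: 5 hex characters, regardless of whether the password turns out to be in the list.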