BetterPass

Breach Checker

Check if your password has appeared in known data breaches using the Have I Been Pwned API. Privacy-preserving — only the first 5 hash characters are sent.

Privacy: This tool uses the k-anonymity model. Your password is hashed with SHA-1 locally, and only the first 5 hex characters of the hash are sent to the Have I Been Pwned API. The full hash (and your password) never leave your browser.

How to Use

01

Enter a Password

Type or paste the password you want to check.

02

Click 'Check Breaches'

The tool hashes your password and queries the HIBP database using a privacy-preserving k-anonymity protocol.

03

Review the Result

If found, the tool shows how many breaches contain this password. If not found, you're all clear.

Frequently Asked Questions

What is Have I Been Pwned?

Have I Been Pwned (HIBP) is a service that aggregates data from public data breaches, allowing users to check if their credentials have been exposed.

Is it safe to type my password here?

Yes. Your password never leaves your browser. Only the first 5 characters of its SHA-1 hash are sent to the API, making it impossible to reconstruct the original password.

What does k-anonymity mean?

k-anonymity ensures your specific hash is hidden among many others. The API returns all hash suffixes matching the prefix you sent, so it can't determine which specific hash is yours.

What should I do if my password is found?

Change it immediately on any site where you've used it. Consider using a password manager and enabling two-factor authentication.