Check whether a password has shown up in known data breaches. If it has, attackers already have it on their guess lists, and you should never use it. This is safe to use: your password is hashed inside your browser and never sent anywhere.
How this stays private: your browser computes a SHA-1 hash of the password and sends only the first five characters of that hash to look up matches (a technique called k-anonymity). The password itself, and the rest of the hash, never leave your device. Data comes from the free Have I Been Pwned Pwned Passwords service.
Generate a fresh strong one with our password generator and store it in a manager.
One short email when we publish something useful. No spam, no fearmongering. Unsubscribe anytime.