Is my password sent to any server?

No. Only the first 5 characters of its SHA-1 hash are sent using k-anonymity.

Only a partial hash prefix is sent, making it impossible to reconstruct your password.

What database does it use?

It uses the HaveIBeenPwned (HIBP) Pwned Passwords database with 800M+ breached passwords.

Check if your password has appeared in known data breaches using k-anonymity.

Privacy Protected (k-Anonymity)

Only the first 5 characters of your password's SHA-1 hash are ever sent. Your actual password and full hash stay in your browser.

Password to Check

Type the password you want to check.

Only a partial SHA-1 hash is sent — your password never leaves your browser.

See if the password has appeared in known breaches.

Generate strong, random, and secure passwords instantly. Customize length and character types.

Check how strong your password is.

Encrypt and decrypt text using AES encryption.