How to Check Password Breaches
Check whether a password has appeared in known data breaches. Thanks to k-anonymity, your full password never leaves your browser.
Open the Breach Check page
Open the SecureMint Breach Check page (/breach-check). No signup or login required.
Enter the password to check
Type the password you want to check. It is SHA-1 hashed in your browser, and only the first 5 characters of the hash are sent to the external API.
Click 'Check'
Press the button for an instant result. Your input is matched against the Have I Been Pwned database.
Review the result
'Not found' means safe for now. If it shows 'appeared N times', change the password immediately. Generate a strong replacement on the Password Generator page.
Understand the privacy design
With k-anonymity, only the hash prefix (e.g. 5BAA6) is sent to the API, which returns matching hashes. The final comparison happens in your browser β so neither your password nor its full hash ever leaves your device.
Tips
- π‘οΈUses the Have I Been Pwned k-anonymity API β only the first 5 characters of the SHA-1 hash are sent
- πGreat for auditing whether you've reused the same password across services
- πIf a breach is found, change it immediately. Use the Password Generator for a strong replacement