A secure web application that checks if your password has been compromised in known data breaches, using the Have I Been Pwned API.
- 100% Client-Side Processing - Your password never leaves your browser
- Secure Hashing - Uses SHA-1 hashing before any network request
- k-Anonymity Model - Only first 5 characters of the hash are transmitted
- Detailed Risk Assessment - Classifies results as Safe, Low, Medium, or High risk
- Password Education - Includes security tips and breach statistics
- Responsive Design - Works perfectly on all devices
- No Tracking - Zero analytics, zero cookies
- You enter a password in the input field
- The browser hashes it locally using SHA-1
- Only the first 5 characters of the hash are sent to the HIBP API
- The API returns a list of matching hash suffixes with breach counts
- The application shows you the results with security recommendations
graph TD
A[User Enters Password] --> B[Client-Side SHA-1 Hashing]
B --> C[Send First 5 Hash Chars to API]
C --> D[Receive Matching Hashes]
D --> E[Display Breach Count & Risk Level]