Check if a password has appeared in known data breaches using the Have I Been Pwned database — without ever sending your actual password.
How it works (k-anonymity): Your password is hashed with SHA-1. Only the first 5 characters of that hash are sent to HIBP. The API returns all hashes starting with those 5 characters. Your browser then checks locally whether the full hash matches. Your actual password never leaves your device.
Scan all saved passwords against the HIBP breach database. Same k-anonymity — your passwords never leave your device.
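The k-anonymity check described above, as an added example that is not this tool's own code: it splits the SHA-1 hash into the 5-character prefix that is sent and the 35-character suffix that is only compared locally, then matches against a range response in the `SUFFIX:COUNT` line format the HIBP range API returns. Assumptions: the function names, the injected synchronous `fetchRange` (a browser would use an async `fetch` and `crypto.subtle.digest`; Node's `crypto` is used here so the example runs offline), and the constructed response with made-up counts.

```javascript
// Added example (not the page's own code): k-anonymity range check, offline.
const { createHash } = require('node:crypto');

// Hash the password; only `prefix` is ever sent, `suffix` stays local.
function splitHash(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Parse a range response: one "SUFFIX:COUNT" entry per line.
// Malformed lines and zero-count (padding) entries are ignored.
function parseRange(body) {
  const counts = new Map();
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-F]{35}):(\d+)$/i.exec(line.trim());
    if (m && Number(m[2]) > 0) counts.set(m[1].toUpperCase(), Number(m[2]));
  }
  return counts;
}

// Returns how often the password appears in the returned range, 0 if absent.
// `fetchRange` is a hypothetical injected transport so the check is testable.
function breachCount(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  const body = fetchRange(prefix); // the only value that leaves this function
  return parseRange(body).get(suffix) ?? 0;
}

// Constructed stand-in for the range endpoint; records what it was sent.
const sent = [];
function fakeRange(prefix) {
  sent.push(prefix);
  if (prefix !== '5BAA6') return '';
  return [
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42', // suffix of SHA-1("password"), count constructed
    'A'.repeat(35) + ':7',                    // constructed unrelated entry
    'F'.repeat(35) + ':0',                    // constructed padding entry
    'not-a-range-line',                       // constructed malformed line
  ].join('\r\n');
}

console.log(breachCount('password', fakeRange), sent);
```

The `sent` array makes the privacy property observable: it only ever holds 5-character hash prefixes, never a password or a full hash.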