Verified checks foundation
Run a browser-based password exposure check and save the result to your dashboard without saving the password.
Verified password signal
This check runs in your browser. Your password is hashed locally. Only the first 5 characters of the hash are used to request a range of possible matches. The password is not sent to Check Privacy Score and is not saved.
Verified check result
The browser hashes the password locally, sends only a short hash prefix to the Pwned Passwords range API, then compares the returned suffix list locally. This means the full password is not submitted to Check Privacy Score.
If the password appears in known breached password data, change it anywhere it is used and avoid reusing it.
A “not found” result does not prove a password is safe. It only means it was not found in the checked breach password dataset at the time of the check. Strong, unique passwords and a password manager are still recommended.
How this verified check protects your password
The password check is designed around a k-anonymity model. Your browser hashes the password locally, sends only the first few hash characters to the breach-password service, then checks the returned suffixes in the browser.
This can tell you whether the password appears in known exposed password data without sending the raw password to this site.
Important: never reuse passwords. If this check shows a password has appeared before, stop using it and replace it anywhere it was reused.