CyduckEST. 2026 Open the dashboard Dashboard
Section I · 02 — Password Breach Checker

See if your password is on a leak list.

Type a password. We check it against 850 million leaked credentials. Your password never leaves your browser — we only send the first 5 characters of its hash. Unlimited, anonymous, free.

FIG. I — INPUT
K-anonymous · password never sent · only 5-char hash prefix · How does this work?
FIG. IV — how this works

Your password never leaves your browser.

  1. 01
    Hash locally. We compute the SHA-1 hash of your password right here in your browser. Nothing is transmitted yet.
  2. 02
    Send only 5 characters. We send the first 5 characters of the hash (a 4-digit hex prefix) to the leak database. That's it. Your actual password — and even the rest of its hash — stays here.
  3. 03
    Match locally. The database returns ~500 hashes that share that prefix. We check, in your browser, whether any of them is the full hash of your password.

This is called k-anonymity. The leak database can't know which password you checked. Neither can we.

While you're here, strengthen the rest.

Three tools, all browser-only. No accounts. The same instruments behind the Scorer.

№ 01 Email Breach Checker Find which breaches include your address. № 04 Password Generator Long, random, locked away. № 03 Spam Detective Detect phishing & spam in seconds.