Check if a password has appeared in known data breaches. Uses HIBP k-anonymity. Only a hash prefix is sent, never the full password.
Uses the HaveIBeenPwned k-anonymity API. Only the first 5 characters of a SHA-1 hash are sent. The full password never leaves your browser.