Pwned Passwords
This tool will help you check whether your passwords have been pwned. It's JavaScript-based and does not save any passwords.
Good news — no pwnage found!
This password wasn't found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn't necessarily mean it's a good password, merely that it's not indexed on this site. If you're not already using a password manager, go and download one and change all your passwords to be strong and unique.
Oh no — pwned!
This password has previously appeared in a data breach and should never be used. If you've ever used it anywhere before, change it!
About this tool
This tool uses hibp-js to check whether a password exists in the Have I Been Pwned password database. That database contains over 600M real-world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use, as they're at a much greater risk of being used to take over other accounts.
This tool first hashes the password using SHA-1 and then sends only the first five characters of that hash to HIBP's server, which returns a list of hashes that start with those characters. The tool then checks locally whether the full hash exists in the returned list and shows the result. In that process, no password is stored or transmitted to HIBP. You can check their Privacy Policy.
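The check described above, as an added example that is not hibp-js code or this tool's source. It assumes Node's built-in crypto module in place of the browser, and that the range response lists the remaining 35 hash characters with a count per line; `SAMPLE_RANGE`, `stubRange`, the counts and the filler suffixes are constructed so it runs offline.

```javascript
const crypto = require('crypto');

// Constructed sample of a range response for prefix 5BAA6, one "SUFFIX:COUNT"
// entry per line. Counts are made up; the last line imitates a padding entry,
// which carries a count of 0 and must not be reported as a hit.
const SAMPLE_RANGE = [
  '0123456789ABCDEF0123456789ABCDEF012:4',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345',
  'FEDCBA9876543210FEDCBA9876543210FED:0',
].join('\r\n');

// SHA-1 the password and split the hex digest: only `prefix` leaves the machine.
function splitHash(password) {
  const hex = crypto.createHash('sha1').update(password, 'utf8')
    .digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Search the returned list for our suffix. Returns the breach count, 0 if absent.
function pwnedCount(suffix, rangeBody) {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return Number.parseInt(count, 10) || 0;
    }
  }
  return 0;
}

// fetchRange is a hypothetical callback (prefix -> response text). In a browser
// it would be an asynchronous request; here it is synchronous to stay offline.
function checkPassword(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return pwnedCount(suffix, fetchRange(prefix));
}

// Offline stand-in for the server that records everything it was sent.
const sent = [];
function stubRange(prefix) {
  sent.push(prefix);
  return prefix === '5BAA6' ? SAMPLE_RANGE : '';
}

console.log(checkPassword('password', stubRange)); // 12345 (constructed count)
console.log(sent); // [ '5BAA6' ]
```

The `sent` array shows what the server side could observe: a five-character prefix shared by many unrelated hashes, never the password or its full hash.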
How to improve your passwords easily
With these 3 options, you can quickly improve your passwords by thinking in terms of a passphrase.
- Memorize a sentence and use only the 1st letter of each word (or only the second or last). Afterward, optionally change certain letters into numbers or special characters.
- Use a whole sentence as a password or string together different words connected by special characters.
- Another option is randomly choosing 5-6 words from the dictionary and separating them with a space.
This results in a password that is easy to remember, easy to type, and difficult for attackers to crack.
Example of converting a weak password to a strong one
With these 7 steps, you can create a strong password:
- Use, e.g., the phrase "Open sesame".
- Rephrase it to "Oh dear sesame, please open up".
- Transform the word "open" to "OPEN".
- Change the uppercase letter "O" to "0" (zero).
- Replace the whitespaces with hyphens (-) and underscores (_).
- Switch the lowercase letter "l" in "please" with the number "1".
- Add an exclamation mark at the end of the passphrase.
This results in the password: 0h-dear-sesame,_p1ease_0PEN_up!