Is my password leaked?
Check at haveibeenpwned.com — it's the trusted public database of breached credentials. If your password appears, change it immediately and enable MFA (preferably a passkey) on every account where you reused it. Securie has a free checker at /signup.
Have I Been Pwned (HIBP) maintains a database of ~12 billion breached credentials from publicly-disclosed breaches. It's free, open-source, and run by security researcher Troy Hunt.
Checking safely: - HIBP uses k-anonymity: your password is hashed locally, and only a 5-character prefix of the hash is sent to the API - The API returns all breached hashes starting with that prefix - Your browser matches locally - Your actual password never leaves your device
If your password is found: 1. Change it on the affected service 2. Change it everywhere you reused it (attackers do credential-stuffing) 3. Enable MFA — passkey if supported, TOTP otherwise 4. Use a password manager going forward (1Password, Bitwarden, built-in browser manager)
For passwords that have never been breached: you're not safe. A unique password that isn't breached today may be tomorrow. Password managers + passkeys are the long-term answer.