Prevent Pwned Passwords

Prevent Pwned Passwords helps make sure you don't use any password that's known to have been part of a data breach. If you try to use a password that's known to have been compromised, you'll get an alert.

You can choose to run it whenever you enter a password on any site, whenever you enter a password on a "Create Account" page, or only when you choose to check a password from a context menu. You can also whitelist sites, giving you greater control over what passwords are checked.

This extension hashes your password and securely checks that hash against a database of hashes known to be breached. If it's been involved in a past breach (of any account across hundreds of sites), it notifies you so you can change your password.

Note that the only data ever transmitted is a password hash. We never send a clear-text password or any identifiable information like a username or a URL.

This extension uses the Have I Been Pwned service.