Check for pwned passwords

Check if the password is already in compromised data, source haveIbeenpwned
What is Check for pwned passwords?
Check for pwned passwords is a Chrome extension that allows you to check if your password has been compromised by comparing it to a database of compromised passwords from haveibeenpwned.com.

Extension stats

Users: 30 ▲ 3
Version: 0.4 (Last updated: 2018-02-23)
Creation date: 2018-02-22
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • http://*/*
  • https://*/*
  • tabs
  • activeTab
  • <all_urls>
Size: 50.77K

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Thanks to awesome Troy hunt, this is based on APIV2 of Have I been passwords k-anonymity check. https://haveibeenpwned.com/API/v2#PwnedPasswords

Steps:

  1. Enter your password.
  2. Before hitting submit, click on the link Check password(Source ...)
  3. It hashes at sends (5 character) to the backend, and then compares locally the hash.
  4. If it is found alerts saying password found in dump, else not found.

Caution: It's alpha version, need to polish it.

Extension safety

Risk impact

Check for pwned passwords requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

Check for pwned passwords has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to Check for pwned passwords: