How do I check if my passwords have been leaked?
Use Have I Been Pwned and your password manager's breach monitoring. If a password appears in any breach, change it everywhere you reused it.
Have I Been Pwned (haveibeenpwned.com) lets you search by email and by password. The password search uses k-anonymity — only the first 5 chars of the SHA-1 hash leave your browser.
1Password Watchtower, Bitwarden Data Breach Report, and Apple/Google's built-in password checkup all flag reused or breached credentials inside your vault.
If a password shows up in a breach, treat it as public. Change it on every site that used it, and enable MFA on the most important accounts (email, bank, password manager).
Subscribe to HIBP notifications for your email — you'll get an alert the next time a breach surfaces your address, often before the breached company tells you.
Upvotes help us prioritise what to answer next.