This service provides a secure and anonymous way to check passwords against a large database of known insecure passwords. These include passwords that were exposed by security breaches in the past and should therefor no longer be considered save or secret. This database currently contains more than 9.2 billion unique passwords from various sources, including but not limited to haveibeenpwned.com (~9 million).
Password checks against this database are performed in a way that does not expose the actual password, or any sensitive information about the password or user performing the check. This is ensured by k-anonymity: Only a small fraction of a cryptographic hash of the password is sent to the server. This hash is computed locally, so the original password or its full hash are never transmitted over a network and remain private.
Please note that passwords are NOT checked for common patterns, dictionary words or other aspects that may weaken a password. If a password is not found in this database, it is not necessarily secure. Common practices for strong passwords should always be followed.
Do not enter important passwords on untrusted websites. Check the address bar of your browser before you continue. Make sure you are on a website you trust, and transport security (https) is enabled.
However, this does not imply that the password is particularly strong or secure. Please follow common practices for strong passwords and never use the same passwords for different services.
This password was exposed in at least one security breach and can no longer be considered safe or secret.
If this password was used to secure an important account, immediate action is required. Changing the password is not sufficient! The affected accounts may already be compromised. Please contact your IT department for support. You may reach the GWDG support here.
Password checks can also be performed directly against the Password-Check HTTP API (heavily inspired by haveibeenpwned.com). This is the same API used by this website and allows fast and secure checks without exposing the password being checked. For technical details and examples, please refer to the documentation below:
This service is provided by Gesellschaft für wissenschaftliche Datenverarbeitung mbH. Imprint: https://www.gwdg.de/impressum.