Is it safe to enter my real password?

The password is hashed locally. Only the first 5 SHA-1 hash characters go to HIBP, corresponding to thousands of passwords.

What if my password is in a breach?

Change it immediately on every account where you use it. Use unique, generated passwords going forward.

Does "not found" mean my password is safe?

No. It means not in the HIBP database. It may still be weak or exposed in unknown breaches.

SHA-1 is used for lookup, not security. The k-anonymity model protects your privacy regardless of the hash algorithm.

Password Exposure

Type a password you want to check for exposure in known data breaches. The tool hashes your password locally and sends only the first 5 SHA-1 characters to HaveIBeenPwned. Review the results to see whether the password appears in known breach databases. If the password has been exposed, change it immediately on all accounts where it is used. Hashes locally and sends only the first five SHA-1 characters to HaveIBeenPwned. Password text never leaves the browser.