Utilora

Bulk Password Breach Checker — Private & Local

Zero-Trust Utilities

What is Bulk Password Breach Checker — Private & Local?

Bulk Password Breach Checker allows you to audit your entire password collection against Billions of compromised credentials. While tools like 'Have I Been Pwned' are excellent, they typically require manual entry one-by-one. This utility solves that for power users by automating the process for your entire exported vault. Most importantly, it is built with a zero-trust architecture: your passwords are never uploaded. Instead, your browser hashes each password locally and uses a privacy-preserving protocol called k-anonymity to check for matches.

How it works

The tool uses the SHA-1 algorithm via the browser's WebCrypto API to hash your password. It then takes only the first 5 characters of that hash and sends them to the 'Have I Been Pwned' Range API. The API returns a list of all leaked hashes starting with those 5 characters. Your browser then checks if the full hash of your password matches any in that list. This means the server never knows your full hash, let alone your actual password.

Features & Benefits

  • Check 1000s of passwords in seconds — no more manual one-by-one checks
  • Uses k-anonymity: only the first 5 characters of your password's hash ever leave your browser
  • Your actual passwords never touch the network or our servers
  • Support for major password manager exports (Bitwarden, KeePass, 1Password)

Frequently Asked Questions

Is it safe to paste my passwords here?

Yes, because they never leave your browser. You can even disconnect your internet after the page loads (though the API check requires a connection to fetch the range results).

How does the k-anonymity Range API work?

By sending only 5 chars of the hash, you are 'hiding in a crowd'. The server returns thousands of possible matches, and only your browser knows which one (if any) is yours.

Which export formats are supported?

We support Bitwarden (CSV/JSON), KeePass (CSV), and 1Password (CSV). You can also paste a raw list of passwords.

Related Tools

Strong Password Generator — Safe & Random

Generate secure, random passwords instantly in your browser. Choose length, symbols, and numbers. 100% private.

AES Encrypt & Decrypt

Encrypt and decrypt text with AES-256-GCM using a passphrase. All processing done securely in your browser.

Popular Utilities

JSON Formatter & Validator

Format, validate, and minify JSON instantly in your browser. Your data never leaves your device.

JWT Decoder

Decode JWT tokens and inspect header and payload instantly in your browser. Your tokens never leave your device.

Word Counter

Count words, characters, sentences, and estimate reading time instantly in your browser. No sign-up required.