Generate strong passwords, test password strength, or check if a password has been exposed.
We never send full passwords to the server when doing these checks.
This uses k-anonymity: only the SHA-1 prefix (first 5 chars) is sent to the HIBP range API. Full password never leaves the browser.