The probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
Comment on God ****** dammit, here we go again
AlpacaChariot@lemmy.world 12 hours agoHow do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
Scrollone@feddit.it 6 hours ago
They connect to the Have I Been Pwned database in a secure way.
They make a hash of your password and send just the first characters.
maxwellfire@lemmy.world 5 hours ago
More details about the k-anonimity process. blog.cloudflare.com/validating-leaked-passwords-w…