Screen breached passwords without ever seeing one.

Check every password against billions of known-compromised credentials at signup, change, and reset. k-anonymity keeps the password on your servers — even from us.

Built for production authentication flows

Privacy-Preserving by Design

k-Anonymity range queries mean you never send the full password hash — only a 5-char prefix. We never store or log passwords or hashes; the prefix is processed in memory only. We cannot reconstruct or identify the original credential.

Configurable Policy Outcomes

Match signals are yours to act on. Block the password outright, require step-up verification, force a reset, or silently notify your security team.

Low-Latency, High-Throughput

p95 response times under 50ms. Designed to sit in the critical path of signup and authentication flows without adding perceptible delay.

Screen at every critical moment

Integrate breach checks wherever passwords are set or changed in your application.

Signup

Prevent users from registering with passwords already known to be compromised. Catch the risk before an account is ever created.

Password Change

Screen new passwords during voluntary changes. Ensure users aren't rotating into another compromised credential.

Password Reset

Enforce breach checks during reset flows. Especially critical after an incident or as part of a forced rotation campaign.

Your policy, your rules

LeakJar detects the risk. You decide the response. Configure policy outcomes per project, per flow, or per risk level.

Block

Reject the password immediately. The user must choose a credential that has not appeared in known breaches.

Step-Up (MFA)

Allow the password but require an additional verification factor. Balances security with user experience.

Force Reset

Accept the password now but mark the account for a mandatory reset within a defined time window.

Notify

Log the match and alert the user or security team without blocking access. Useful during rollout and monitoring phases.

Frequently asked questions

What is breached password detection?

Breached password detection checks whether a password has appeared in a known data breach before you let a user set it. LeakJar compares the password against billions of leaked credentials in real time, so you can block reused, compromised passwords at signup, password change, and reset.

How does LeakJar check passwords without seeing them?

LeakJar uses k-anonymity range queries. Your server hashes the password with SHA-1 and sends only the first five hash characters. LeakJar returns all matching suffixes; you compare locally. The full hash and the plaintext password never leave your infrastructure, so LeakJar cannot see or store them.

When should I screen passwords?

Screen passwords at every point a user sets or submits one: account signup, password change, password reset, and optionally at login. NIST SP 800-63B recommends checking new passwords against known-compromised lists, making signup and reset the highest-value moments to block breached credentials.

Does breached password screening slow down signup or login?

No. LeakJar's range endpoint responds in under 50ms at the p95, and your server compares hash suffixes locally, so screening adds minimal delay to signup, change, or reset flows. It is built to sit directly in the authentication critical path without a perceptible impact on user experience.

Do I need to download or store any breach data to use LeakJar?

No — and that is the point. You never host, store, or receive raw breach data. Your server sends only a 5-character SHA-1 prefix to LeakJar's k-anonymity API and compares hash suffixes locally. LeakJar maintains and continuously updates the breach corpus, so you get current coverage without placing sensitive data on your own infrastructure.

Ready to screen breached passwords?

Get up and running in minutes with our step-by-step quickstart guide.