Bad Passwd - Pwned Passwords Checker

Simple Usage

Bad Passwd is a simple app: you open it, enter a password, tap the Check Password button, and find out if the password has appeared in a data breach or password dump.

Third-Party API

This app uses the Have I Been Pwned? API v2 (Link: to check password hashes.

App Functionality

❓ The only permission required is Internet access.
💾 No user entered data is stored by the app.
⌨️ The hash prefix (first 5 characters of the SHA-1 hash of the password) is updated as you type a password and is displayed next to the Check Password button.
🌐 A tap of a button is required before an API request is made over the Internet, and the only URL that will be requested is https⁠://⁠api⁠.⁠pwnedpasswords⁠.⁠com⁠/⁠range⁠/⁠HASH, where HASH is that displayed next to the button.
⬆️ The only domain name accessed is api⁠.⁠pwnedpasswords⁠.⁠com, and redirects are disabled.
♿ Accessible to those using accessibility tools such as TalkBack.
👂 All visual hints of the app doing something in the background have a verbal equivalent for text to speech users.
🚫 For the password input screen of the app, taking screenshots is disabled.
🤐 Switching away from the app clears any entered password, clears the displayed results of any password hash lookup (including how many times it has appeared in data breaches), and resets the password visibility toggle.
👁️ The password visibility toggle is coloured a shade of red when passwords are displayed, as a compromise between security and functionality.
🌙 This app has a dark/night mode.
Read more

What's New

Landscape mode now uses a landscape-specific layout.
Read more

Additional Information

February 13, 2019
Current Version
Requires Android
5.0 and up
Content Rating
Offered By
John Cook UK
©2021 GoogleSite Terms of ServicePrivacyDevelopersAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.