Passify

Frequently Asked Questions — HaveIBeenPwned

What does the HaveIBeenPwned.com checking do?

This optional check determines if your generated passwords appear in a database of passwords that have been exposed on the internet due to data breaches.

When enabled, the check is performed when you view or generate a password, limited to once every few hours to avoid unnecessary, repetitive lookups. If a match is discovered, Passify will display a warning to alert you.

Note that Passify cannot check your passwords at any other time. See the question "Does the HaveIBeenPwned check continually check my passwords?" for more information.

If I enable the HaveIBeenPwned.com checking, am I exposing my passwords?

No. Your passwords are not sent to HaveIBeenPwned.com and all checking occurs on your device.

A technical explanation of how this is accomplished using "k-anonymity" is included in the launch announcement for version 2 of HaveIBeenPwned, under the section entitled "Cloudflare, Privacy and k-Anonymity."
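The k-anonymity range lookup that announcement describes, as an added example (not Passify's own code): the password is hashed with SHA-1, only the first 5 hex characters are sent, and the remaining 35 are compared on the device. `FakeRangeServer`, its breach corpus and the candidate passwords are constructed stand-ins so the example runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password: 5 hex chars go to the service, 35 stay on the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    found = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            found[suffix.upper()] = int(count)
    return found

def breach_count(password, fetch_range):
    """Return how often the password appears in the corpus (0 means no match)."""
    prefix, suffix = split_hash(password)
    # Only the prefix leaves the device; the suffix comparison is local.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

class FakeRangeServer:
    """Constructed offline stand-in for a range endpoint (hypothetical)."""
    def __init__(self, breached):
        self.seen = []  # everything the "server" ever receives
        self.rows = {}
        for pw, count in breached.items():
            prefix, suffix = split_hash(pw)
            self.rows.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(self, prefix):
        self.seen.append(prefix)
        filler = "0" * 35 + ":7"  # constructed unrelated hash sharing the prefix
        return "\r\n".join(self.rows.get(prefix, []) + [filler, "garbage-line"])

# Constructed sample corpus and candidate passwords.
server = FakeRangeServer({"password": 1000, "letmein": 50})

def demo():
    candidates = ("password", "Xq7#constructed-example")
    hits = {pw: breach_count(pw, server.fetch) for pw in candidates}
    return hits, server.seen

if __name__ == "__main__":
    print(demo())
```

The server-side log (`server.seen`) holds only 5-character prefixes, each shared by many unrelated hashes, which is why the lookup does not reveal which password was checked.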

Is it safe to continue using my password if Passify alerts me that a password has been compromised?

No! You should immediately change that password.

If a match is found on a generated password, it likely means that a data breach has occurred for the related domain and your password has been leaked online. Log in with your existing password, and enter your original password in the password change request if required. Then, generate a new password in Passify for that domain and enter it in the new password field.

For convenience, if a password has been discovered to be compromised and a domain name is present in the Generator name, Passify will display a button to jump to the website to change your password.

What does "pwned" mean?

"Pwned" is a corruption of the word "owned" and is pronounced as "powned". The word originates from a misspelling in a game when the computer beats or dominates the player's abilities. After beating the player, the game would boast about "pwning" the player.

A password has been "pwned" when an attacker has defeated the systems (if any) protecting the password and leaked it online.

Does the HaveIBeenPwned check continually check my passwords?

Normal, regular usage of Passify is sufficient for it to continually check your passwords with HaveIBeenPwned.

However, it is important to note that because Passify does not store passwords or your Personal Secret, it is only able to perform HaveIBeenPwned checking for brief periods of time after you have provided your Personal Secret.

Because of this, Passify must perform the check in batches of a few passwords at a time. Over time it will eventually check all of your generators, at which point it will start the process over again.