@indyber I think we should have a small line of text somewhere to the effect of "Read how your password is protected while searching". We then really need to highlight this somewhere more on the page: looking at it again now, we're missing one of the killer features of this service which is k-Anonymity. I think that within the current "API & Integration" section but after the two existing panels there, we need a double-width section with an explainer on one side and code on the other. Here's a go at the content:
When searching for a password in the form above or via the API, the password itself is never sent to HIBP. Instead, a very small portion of the hash of the password is sent in the request and all possible matches are then returned. The client can then match the password without ever sending the plain text value to the service.
It may be that we keep it much more brief on the website then just link off to the blog. We can also later consider a dedicated page on the new site that goes into the technical detail, but I suggest that's a post-launch activity.
Finally, let's also get a mention of "Search securely using k-Anonymity to ensure the source password is never disclosed" under the existing "Why check for pwned passwords" heading.
Maybe add text explaining why entering your password here is safe?
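The k-Anonymity exchange described in the proposed copy above, as an added sketch that is not part of the original thread and is not HIBP's own code. It assumes the public range API's conventions (SHA-1 digest, first 5 hex characters sent, `SUFFIX:COUNT` lines returned); the corpus, counts and function names are constructed for illustration, and the server side is simulated in-process so it runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client

# Constructed sample data standing in for the service's data set:
# password -> number of times seen in breaches (values are made up).
SAMPLE_CORPUS = {"P@ssw0rd": 5000, "letmein": 1200, "qwerty": 9000}
INDEX = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n
         for p, n in SAMPLE_CORPUS.items()}


def range_lookup(prefix):
    """Simulated server: sees only the prefix, returns every matching suffix."""
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return "\r\n".join(f"{h[PREFIX_LEN:]}:{n}"
                       for h, n in sorted(INDEX.items()) if h.startswith(prefix))


def pwned_count(password, lookup=range_lookup):
    """Client: hash locally, send the prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    body = lookup(prefix)  # the only value that crosses the wire is `prefix`
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # no suffix matched: not in the data set


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw))
```
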