Password Check

A macOS app to check if your password has been compromised in data breaches using the Have I Been Pwned API. Privacy-first: your password never leaves your computer.

How It Works

This app uses the k-anonymity model to check passwords securely:

┌─────────────────────────────────────────────────────────────────┐
│  YOUR COMPUTER                                                  │
│                                                                 │
│  1. You enter: "MyPassword123"                                  │
│                     │                                           │
│                     ▼                                           │
│  2. SHA-1 hash: 8BE3C943B1609FFFBFC51AAD666D0A04ADF83C9D        │
│                     │                                           │
│                     ▼                                           │
│  3. Split:  [8BE3C] + [943B1609FFFBFC51AAD666D0A04ADF83C9D]     │
│              ▲              ▲                                   │
│           prefix         suffix (stays local)                   │
└──────────────┼──────────────────────────────────────────────────┘
               │
               ▼  Only 5 chars sent
┌──────────────────────────────────┐
│  HIBP API                        │
│  api.pwnedpasswords.com          │
│                                  │
│  Returns ~500 hash suffixes      │
│  matching prefix "8BE3C"         │
└──────────────┬───────────────────┘
               │
               ▼
┌─────────────────────────────────────────────────────────────────┐
│  YOUR COMPUTER                                                  │
│                                                                 │
│  4. App checks locally if your suffix is in the list            │
│                                                                 │
│  5. Result: Safe  or  Compromised (found X times)               │
└─────────────────────────────────────────────────────────────────┘




**Key security points:**
- Your actual password is **never transmitted**
- Only 5 characters of the hash are sent (not enough to reverse)
- The final check happens **locally** on your machine

## Requirements

- macOS 14.0 (Sonoma) or later
- Xcode 15.0 or later

## Customization

All settings are centralized in **`AppConfig.swift`**. Just edit this file to brand the app for your organization:

### Organization & Support

```swift
struct Organization {
    static let name = "Your Organization"      // ← Change this
    static let department = "IT Department"    // ← Change this
    static let author = "Your Name"            // ← Change this
}

struct Support {
    static let phone = "+1 234 567 890"        // ← Change this
    static let email = "support@example.com"   // ← Change this
    static let helpdesk = "helpdesk.example.com" // ← Change this
}

Colors

struct Colors {
    static let blueLight = Color(red: 179/255, green: 217/255, blue: 242/255)
    static let grey = Color(red: 139/255, green: 142/255, blue: 144/255)
    static let background = Color(red: 250/255, green: 250/255, blue: 250/255)
    static let darkBlue = Color(red: 0/255, green: 51/255, blue: 102/255)
}

Logo

1. Add your logo to Assets.xcassets/logo.imageset/
2. Provide @1x, @2x, @3x versions (or a single PDF)

Strings / Localization

All UI texts are in AppConfig.Strings. Translate them as needed:

struct Strings {
    static let mainTitle = "Password Verification"
    static let checkButton = "Check Password"
    // ... etc
}

Project Structure

Password Check/
├── Password_CheckApp.swift   # Main app and views
├── AppConfig.swift           # All configuration here
└── Assets.xcassets/
    └── logo.imageset/        # Your logo

Preview

License

MIT License

Acknowledgments

• Have I Been Pwned by Troy Hunt