[shkkmo]

> He's suggesting using (the link is from your link): https://haveibeenpwned.com/Passwords

Please don't make false assertions about what I was suggesting without any evidence.

Pwned Passwords consists of a number of tools, which one you choose to use depends on the concerns you have and the effort you choose to put in. Both the API and the SHA download files provide secure means of checking if your password is present in this data dump.

I would certainly not put any live passwords into the webform.