Your computer is basically sending a part of your password (the first five characters of a hash) and if the server responds positively to a match it sends all the other possible combinations and your computer looks to see if it matches the rest based on when you typed.
Except you’re not
https://haveibeenpwned.com/API/v3#PwnedPasswords
Your computer is basically sending a part of your password (the first five characters of a hash) and if the server responds positively to a match it sends all the other possible combinations and your computer looks to see if it matches the rest based on when you typed.
For more information
https://en.wikipedia.org/wiki/K-anonymity
It’s always good to be cautious, but it’s especially important to know how tech works, especially good tech, when it can have immense benefit