Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
How do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
They probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
Interesting, thanks!