Checks against the Pwned Passwords API using the first five characters of the SHA1 hash of a password to determine if it exists in previously disclosed breaches.