How to explain "the k-anonymity model used by HaveIBeenPwned for pwned passwords doesn’t expose your passwords" to a layman?
People are naturally skeptical when they hear about the HaveIBeenPwned pwned passwords search, because who would in their right mind enter their password into a random website? And sure, HIBP uses k-anonymity to make sure they don’t know y…
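What the client actually sends in a Pwned Passwords range lookup, as an added example that is not part of the original post: the password is hashed with SHA-1 locally, only the first five hex characters of the digest go to the server, and the comparison against the returned suffixes happens on the client. `FakeRangeServer`, its corpus, counts and decoy entries are constructed stand-ins so the sketch runs offline, and the function names are hypothetical.

```python
import hashlib

PREFIX_LEN = 5  # hex chars of the SHA-1 digest that are sent to the server


def split_hash(password):
    """Hash locally; return (prefix that is sent, suffix that stays local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix."""
    bucket = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            bucket[suffix.upper()] = int(count)
    return bucket


def pwned_count(password, fetch_range):
    """fetch_range(prefix) -> body; the prefix is all that leaves this function."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


class FakeRangeServer:
    """Constructed stand-in for the range endpoint; records what it is sent."""

    def __init__(self, corpus):
        self.hashes = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n
                       for p, n in corpus.items()}
        self.seen = []

    def __call__(self, prefix):
        self.seen.append(prefix)
        lines = [f"{h[PREFIX_LEN:]}:{n}" for h, n in self.hashes.items()
                 if h.startswith(prefix)]
        for i in range(3):  # constructed decoys sharing the same prefix
            d = hashlib.sha1(f"{prefix}-decoy-{i}".encode()).hexdigest().upper()
            lines.append(f"{d[PREFIX_LEN:]}:{i + 1}")
        return "\r\n".join(sorted(lines))


if __name__ == "__main__":
    server = FakeRangeServer({"password": 1234, "hunter2": 56})  # constructed counts
    print(pwned_count("password", server), pwned_count("x9!unlisted", server))
    print("server saw only:", server.seen)
```

Everything the server learns is in `server.seen`: a five-character prefix that is shared by every other entry in the returned bucket.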