diff --git a/resources/views/components/layouts/public.blade.php b/resources/views/components/layouts/public.blade.php
index 64e9c5c..274c06e 100644
--- a/resources/views/components/layouts/public.blade.php
+++ b/resources/views/components/layouts/public.blade.php
@@ -170,6 +170,74 @@ class="w-10 h-10 rounded-full bg-primary text-primary-content flex items-center
         </div>
     </header>
 
+
+        <!-- Password Breach Warning Alert -->
+<!-- Password Breach Warning Alert -->
+@if ( session('password_breach_warning'))
+<!-- Inline alert for desktop -->
+<div class="hidden sm:block">
+    <x-mary-alert 
+        title="Warning {{ session('password_breach_warning') }}" 
+        icon="o-exclamation-triangle" 
+        dismissible 
+        class="alert-warning px-42 text-lg"
+        x-data="{ show: true }"
+        x-show="show"
+    >
+        <x-slot:actions>
+            <a href="{{ route('settings.password') }}" @click="show = false">
+                <x-mary-button label="Change password" class="btn-warning btn-soft"/>
+            </a>
+        </x-slot:actions>
+    </x-mary-alert>
+</div>
+
+<!-- Mobile popup alert -->
+<div class="sm:hidden" x-data="{ open: true }" x-show="open">
+    <!-- Full-screen dark overlay -->
+    <div 
+        class="fixed inset-0 bg-black/70 z-40" 
+        @click="open = false"
+    ></div>
+
+    <!-- Modal -->
+    <div class="fixed inset-0 flex items-center justify-center z-50 px-4">
+<div class="bg-base-100 rounded-lg w-full max-w-sm p-6 relative shadow-lg">
+
+            <!-- Close button -->
+         <!-- Close button -->
+<button 
+    @click="open = false" 
+    class="absolute top-3 right-3 text-gray-800 hover:text-gray-900 text-3xl font-bold"
+    aria-label="Close"
+>
+    &times;
+</button>
+
+
+            <!-- Warning message -->
+            <div class="mb-6 flex flex-col items-center text-center gap-2">
+                <x-mary-icon name="o-exclamation-triangle" class="h-8 w-8 "/>
+                <span class="font-medium content">
+                    Warning: {{ session('password_breach_warning') }}
+                </span>
+            </div>
+
+            <!-- Change password button -->
+            <a href="{{ route('settings.password') }}" @click="open = false">
+                <x-mary-button label="Change password" class="btn-warning btn-soft w-full"/>
+            </a>
+        </div>
+    </div>
+</div>
+
+
+@endif
+
+
+
+
+
     <!-- Main Content -->
     <main class="min-h-screen">
         {{ $slot }}
diff --git a/resources/views/livewire/auth/login.blade.php b/resources/views/livewire/auth/login.blade.php
index 4d66965..0304cc8 100644
--- a/resources/views/livewire/auth/login.blade.php
+++ b/resources/views/livewire/auth/login.blade.php
@@ -2,6 +2,7 @@
 
 use Illuminate\Auth\Events\Lockout;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
@@ -40,6 +41,11 @@ public function login(): void
         RateLimiter::clear($this->throttleKey());
         Session::regenerate();
 
+        if ($this->isPasswordPwned($this->password)) {
+            // Flash a warning message after successful login
+            session()->flash('password_breach_warning', ' Your password has appeared in a data breach. For your safety, please change it soon.');
+        }
+
         $this->redirectIntended(default: route('home', absolute: false), navigate: true);
     }
 
@@ -71,6 +77,48 @@ protected function throttleKey(): string
     {
         return Str::transliterate(Str::lower($this->email).'|'.request()->ip());
     }
+
+
+
+
+  protected function isPasswordPwned(string $password): bool
+{
+    $sha1 = strtoupper(sha1($password));
+    $prefix = substr($sha1, 0, 5);
+    $suffix = substr($sha1, 5);
+
+   try {
+        $response = Http::timeout(2)->get("https://api.pwnedpasswords.com/range/{$prefix}");
+    } catch (\Exception $e) {
+        return false; // fail-safe on timeout or connection error
+    }
+    if ($response->failed()) {
+        return false; // fail-safe
+    }
+
+    foreach (explode("\n", $response->body()) as $line) {
+        $line = trim($line);
+        if (empty($line) || strpos($line, ':') === false) {
+            continue; // skip empty or malformed lines
+        }
+
+        [$hashSuffix, $count] = explode(':', $line, 2); // limit to 2 parts
+        if ($suffix === $hashSuffix) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+
+
+
+
+
+
+
+
 }; ?>
 
 <div class="flex flex-col gap-6">
@@ -79,11 +127,13 @@ protected function throttleKey(): string
         <p class="mt-1 text-sm text-base-content/70">{{ __('Enter your email and password below to log in') }}</p>
     </div>
 
-    @if (session('status'))
-        <x-mary-alert color="info" class="text-center">
-            {{ session('status') }}
-        </x-mary-alert>
-    @endif
+  @if (session('status'))
+    <x-mary-alert color="info" class="text-center">
+        {{ session('status') }}
+    </x-mary-alert>
+@endif
+
+    
 
     <form method="POST" wire:submit="login" class="flex flex-col gap-6">
         <x-mary-input