Get an instant verdict. Your password never leaves your browser.
Which sign most reliably reveals a phishing email?
Attackers use leaked password lists and fast guessing hardware. Length and unpredictability matter far more than swapping letters for symbols.
Your password is evaluated entirely in your browser. Only an anonymous strength score is ever sent to us — never the password itself.
Yes. Your password is evaluated entirely in your browser and is never sent to our servers. The breach check uses k-anonymity — only the first five characters of a one-way hash ever leave your device.
Length and unpredictability matter most. A long passphrase of unrelated words is far harder to crack than a short password with symbol substitutions, and a password that has appeared in a known breach should be changed immediately.