As a general rule, you should never divulge your password to anyone. But that makes checking the strength of your password or finding out if it’s been involved in a data breach rather difficult.
Our tool has been designed to give you reassurance that your password is secure without your password ever leaving your own device.
How do we do it?
The password checker consists of two checks. The first looks at the actual structure of the password. It checks against the 10,000 most common passwords and looks for dates, sequences of numbers and letters, and also for length and complexity. These checks are done entirely in your own browser; your password never leaves your own device. This check will also give you tips on how you can improve a password.
In the second check we search through millions of passwords that have been released in previous data breaches and have been made easily available to hackers. These lists are commonly used to break into accounts. A password on these lists should not be used.
When you check your password we hash your password using the SHA1 algorithm. Hashing scrambles your password into a unique string of alpha-numeric characters which can’t be unscrambled.
Example: Window!Tree34Car is hashed into 8f0582520b413d54bcb1072d4fc87d5b14ca04f7
We then take just the first 5 characters of the hash and search for just those 5 characters in a huge database of leaked passwords that have also been hashed.
All the results are sent back to your device.
RESULTS
8f0585921a80076f1b3b221acf247a3fe132f58e
8f0583d844e939cde37d31eb78f3a449c8552d39
8f0580ada908212cf08203eb22ae8a615ab1210w
8f0582520b413d54bcb1072d4fc87d5b14ca04f7
8f0584bf8f98ba61aa9782aeae4391dd90eac098
8f05845925baa4742fd23a40e7e9e47dc9170a12
...
We then search this list. If we find the hash of your password in the returned results (as above), we know your password appears in our list of hacked passwords. It may not be YOUR actual account that was hacked, just one with exactly the same password. You should use a different password.
This is a clever way of searching for your password safely without ever actually knowing what your password is. It’s called a k-Anonymity model.
All searches are also performed over a secure HTTPS connection.
Using this method we search a number of lists we have compiled ourselves as well as various online sources.
We let you know how many times your password appears on these lists. We do not store/share the source of the leak.
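The lookup described above, as an added example in Node.js (not this tool's own code): the password is hashed locally, only the 5-character prefix reaches a simulated in-memory server, and the full-hash comparison happens on the client. The function names, sample passwords, decoy hashes and per-hash counts are all constructed for illustration.

```javascript
// Added example: k-anonymity breach lookup, with the server side simulated in memory.
const { createHash } = require('node:crypto');

const PREFIX_LEN = 5; // the page sends only the first 5 hex characters of the hash

function sha1Hex(password) {
  return createHash('sha1').update(password, 'utf8').digest('hex');
}

// Constructed breach corpus: hashes of made-up leaked passwords with made-up counts.
const LEAKED = new Map([
  [sha1Hex('correct-horse-constructed'), 12],
  [sha1Hex('Summer2019!-constructed'), 3],
]);
// Constructed decoys sharing the first entry's prefix, so that bucket holds several candidates.
const bucketPrefix = sha1Hex('correct-horse-constructed').slice(0, PREFIX_LEN);
for (const fill of ['0', '7', 'e']) {
  LEAKED.set(bucketPrefix + fill.repeat(40 - PREFIX_LEN), 1);
}

// Simulated server: it is handed the prefix only and returns every hash in that bucket.
const seenByServer = []; // records exactly what the server side gets to see
function rangeLookup(prefix) {
  seenByServer.push(prefix);
  if (!/^[0-9a-f]{5}$/.test(prefix)) throw new Error('prefix must be 5 hex characters');
  return [...LEAKED].filter(([hash]) => hash.startsWith(prefix));
}

// Client: hash locally, send the prefix, compare the full hash against the returned bucket.
function checkPassword(password, lookup = rangeLookup) {
  const hash = sha1Hex(password);
  const bucket = lookup(hash.slice(0, PREFIX_LEN));
  const hit = bucket.find(([candidate]) => candidate === hash);
  return { breached: Boolean(hit), count: hit ? hit[1] : 0, bucketSize: bucket.length };
}
```

`bucketSize` is the number of candidate hashes the server cannot tell apart from yours; the larger the real database, the more candidates share each prefix.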
Any questions about this tool, drop us an email!