Security · Client-side · k-anonymity
Password & Breach Auditor
Type a password to estimate its strength and crack time — entirely in your browser. The breach check is privacy-preserving: only the first 5 characters of its SHA-1 hash ever leave your device.
—
Crack time · offline (fast hash)
—
Crack time · online (throttled)
—
Privacy: nothing is stored, logged, or sent anywhere as you type. Strength is computed locally. The breach lookup uses the HaveIBeenPwned range API with k-anonymity — your password is SHA-1 hashed in-browser and only the 5-char prefix is sent; the matching is done here on the full list of suffixes that prefix returns.