Local Password Breach Checker - Online k‑Anonymity
Tell if your password has appeared in data breaches without sending the full password. Uses hash prefix locally.
UD5 Toolkit
Test your password against industry-standard policies & rules in real-time
Minimum 8 characters, requires 3 of 4 character types.
Length
0Unique Chars
0Entropy
0 bitsChar Types
0/4Estimates assume brute-force attack. Actual times vary based on hashing algorithm and salting.
A strong password is long (12+ characters), uses a mix of character types (uppercase, lowercase, digits, symbols), and avoids predictable patterns like dictionary words, keyboard sequences, or personal info. Our checker evaluates all these factors in real-time.
Entropy measures randomness in bits. Higher entropy = harder to guess. A password with 60+ bits of entropy is considered strong. Entropy depends on length and character pool size. For example, a 12-character password using 70 possible symbols has ~74 bits of entropy.
We calculate the total possible combinations (character_pool^length) and divide by attack speeds. The estimate uses three scenarios: online attack (1,000 guesses/sec), fast GPU (1 billion/sec), and a large cluster (1 trillion/sec). Actual crack times depend on the hashing algorithm used by the service storing your password.
NIST SP 800-63B is a U.S. federal standard for digital identity. Key recommendations: minimum 8 characters, allow all printable ASCII characters including spaces, no mandatory composition rules (no forced special chars), and check passwords against known compromised lists. It prioritizes length over complexity.
PCI DSS (Payment Card Industry Data Security Standard) requires: minimum 7 characters, must contain both letters and numbers, and passwords must be changed every 90 days. Our tool checks the structural requirements but cannot enforce rotation policies.
No. All checks run entirely in your browser using JavaScript. Your password never leaves your device, is not stored, logged, or transmitted. You can disconnect from the internet and the tool will still work perfectly. This is a core privacy principle of our tool.
Attackers use dictionary attacks and pattern-based cracking before brute-forcing. Passwords like "Password123!" or "Summer2024" are cracked instantly despite meeting technical complexity rules. Our checker flags keyboard sequences, repeated characters, and common weak passwords.
Try the passphrase method: combine 4-6 random words like "correct-horse-battery-staple". Add a few numbers and symbols for extra strength. Alternatively, use a password manager to generate and store unique strong passwords for each account. Our built-in generator can create secure passwords instantly.
Tell if your password has appeared in data breaches without sending the full password. Uses hash prefix locally.
Identify common grammar mistakes (subject-verb agreement, tense, articles) with simple rule-based analysis. Explanations provided. Not AI, purely rule-based and local.
Interpret your blood pressure reading based on American Heart Association and European Society of Cardiology categories. Visual gauge with actionable health insights.
Check if the browser has captured the beforeinstallprompt event. Understand why your PWA is (or isn't) installable.
Check if a password appears in the Have I Been Pwned database using k‑Anonymity. Only the first 5 characters of the hash are sent.
Enter foreground and background colors to instantly see the contrast ratio and pass/fail for AA and AAA. Simple and fast.
Check which cipher suites a website supports and identify weak or outdated ones. Quick security audit from your browser.
Paste a list of foreground/background color pairs and instantly see which pass AA/AAA. Perfect for checking entire style guides.
Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.
Enter an API URL and quickly check its HTTP status code and response time. See response headers and body. Browser fetch.
Type any character and see how it renders in different font stacks. Detect missing glyphs and fallback behavior.
Enter a URL and get a one‑page report of titles, description, headings, image alts, and broken links. All from browser.
Look at HTTP headers and JavaScript objects to guess which browser extensions might be installed. For awareness.
Enter a package name and version range to see all satisfying versions from the registry. Understand ^ and ~.
Check if an IBAN has the correct length and structure for its country. Early validation, no bank connection.
Drop an image that might have wrong extension and see its real format (JPEG, PNG, WebP) based on header bytes.
Enter a URL and see its favicon at all standard sizes. Check if it's properly defined. SEO basic check.
Check if a number of the form 2^p‑1 is a Mersenne prime. Quick Lucas‑Lehmer test simulation for small p.
Trace the full redirect path of a URL. See every hop, status code, and final destination. Detect broken chains.
Paste your email body and subject, and get a spam score based on common trigger words and patterns. Improve your cold outreach.
Type a word to see all its homophones with definitions. Avoid embarrassing mistakes (their/there/they’re). Static dictionary.
Classic solubility rules for ionic compounds in water. Determine if a salt is soluble or forms a precipitate. Static guide.
Enter a year to check if it is a leap year. Shows the rule explanation and next/previous leap years. Simple reference.
Find out if a word is an isogram (no repeating letters). Different types: first-order, second-order. Word nerd fun.
Check if a word or phrase is a palindrome (reads same forward and backward). Live validation and fun facts.
Check HTTP status codes for multiple URLs at once. Identify broken links and redirects. All requests made via browser fetch.
Preview the Gravatar image associated with any email address. Generate the correct Gravatar URL. Handy for avatar debugging.
Check if a website is globally reachable or experiencing issues. Status code and latency displayed. Quick browser-side test.
Enter a URL and see the full HTTP response headers returned by the server. Detect redirects and server type. Useful for SEO and web debugging.
Evaluate the strength of your passwords with a visual meter and detailed feedback. Check for length, complexity, and breached passwords. All analysis is client-side.