This is a simple and modern web app that evaluates the strength of your password and checks if it has been exposed in known data breaches using k-anonymity and the Have I Been Pwned API.
- Real-time password strength score (0–100)
- Checks for:
- dictionary words
- leet substitutions
- repeated characters
- common patterns (e.g., "1234", "qwerty")
- years and names + years
- Visual feedback (strength bar and tips)
- Optional password suggestion generator
- Checks password exposure without sending it in full (SHA-1 k-anonymity)
- Built with HTML, CSS, JavaScript, and Swiper.js
Your password never leaves your device. The app uses only the first 5 characters of its SHA-1 hash to query the HIBP API (k-anonymity principle).
- Vanilla JS (no frameworks)
- Web Crypto API (SHA-1)
- Swiper.js for UI tips carousel
- Fully responsive and works offline
