Password Checker
Has your password been leaked?
Usamos el protocolo k-anonymity de Have I Been Pwned:
- Se genera el hash SHA-1 de tu contraseña localmente en tu navegador.
- Se envían solo los primeros 5 caracteres del hash a la API.
- La API devuelve todos los hashes que coinciden con ese prefijo.
- Se compara el resto del hash localmente, sin revelar tu contraseña.
Tu contraseña nunca sale de tu navegador en texto plano.
Password Strength Checker: Measure Real Security
A password checker evaluates the actual strength of your credentials against modern attacks. Ours combines entropy analysis, common pattern detection, and cross-checks against known data breach dictionaries.
The strength score is not marketing — it's calculated with the mathematical formula log2(pool^length) that measures how many attempts a cracker would need on average. Anything under 60 bits of entropy is considered weak in 2026.
Everything runs locally in your browser. Your password never leaves your device. There's no server storage or telemetry — you can verify this by disconnecting from the internet.
How does it work?
- 1Paste or type your password
Enter the password you want to evaluate in the analysis field.
- 2Review the score
You'll get a bit-entropy score, estimated crack time, and specific improvement recommendations.
- 3Apply the suggestions
Increase length, add character diversity, and avoid dictionary patterns until it reaches at least 80 bits.
Frequently Asked Questions
Entropy = log2(pool^length), where 'pool' is the number of possible characters (26+26+10+32 for alphanumeric+symbols = 94) and 'length' is your password's length. It measures the average number of attempts to crack it.
For most services with rate-limiting yes, but for offline hashes (leaked databases) it's recommended to use 16+ characters. Length is exponentially more effective than complexity.
No. All processing runs on the client side with JavaScript. No text is sent to the server, no logs are kept, no cookies with sensitive data. You can inspect the network traffic to verify it.