TecnoCrypter Logo

Password Checker

Has your password been leaked?

Verificar Contraseña
Tu contraseña nunca se envía al servidor. Se usa k-anonymity: solo se envían los primeros 5 caracteres del hash SHA-1.
¿Cómo funciona?

Usamos el protocolo k-anonymity de Have I Been Pwned:

  1. Se genera el hash SHA-1 de tu contraseña localmente en tu navegador.
  2. Se envían solo los primeros 5 caracteres del hash a la API.
  3. La API devuelve todos los hashes que coinciden con ese prefijo.
  4. Se compara el resto del hash localmente, sin revelar tu contraseña.

Tu contraseña nunca sale de tu navegador en texto plano.

Password Strength Checker: Measure Real Security

A password checker evaluates the actual strength of your credentials against modern attacks. Ours combines entropy analysis, common pattern detection, and cross-checks against known data breach dictionaries.

The strength score is not marketing — it's calculated with the mathematical formula log2(pool^length) that measures how many attempts a cracker would need on average. Anything under 60 bits of entropy is considered weak in 2026.

Everything runs locally in your browser. Your password never leaves your device. There's no server storage or telemetry — you can verify this by disconnecting from the internet.

How does it work?

  1. 1
    Paste or type your password

    Enter the password you want to evaluate in the analysis field.

  2. 2
    Review the score

    You'll get a bit-entropy score, estimated crack time, and specific improvement recommendations.

  3. 3
    Apply the suggestions

    Increase length, add character diversity, and avoid dictionary patterns until it reaches at least 80 bits.

Frequently Asked Questions

How is password entropy calculated?

Entropy = log2(pool^length), where 'pool' is the number of possible characters (26+26+10+32 for alphanumeric+symbols = 94) and 'length' is your password's length. It measures the average number of attempts to crack it.

Is 12 characters enough today?

For most services with rate-limiting yes, but for offline hashes (leaked databases) it's recommended to use 16+ characters. Length is exponentially more effective than complexity.

Do you store the passwords I check?

No. All processing runs on the client side with JavaScript. No text is sent to the server, no logs are kept, no cookies with sensitive data. You can inspect the network traffic to verify it.