Privacy-First Tool

About PasswordScan

We built PasswordScan because most online password checkers send your password to a server. We think that's wrong. Here's how we do it differently.

0: Passwords ever stored or transmitted
150+: Common passwords checked against
8: Security factors analyzed per password
MIT: Open source license — fully transparent

Why client-side security is safer

Most password checkers work by sending your password to a remote server for analysis. This means your password passes over the internet, potentially through third-party infrastructure, and is logged in server access logs — even if "just for a moment."

PasswordScan works entirely differently. Our JavaScript engine runs inside your browser. Your password is never serialized into a network request. It never touches our infrastructure. It disappears the moment you close the tab.


Zero Data Transmission

Your password is processed by JavaScript in your browser's memory only. No network requests are made with your password data.

No Database, No Logs

We have no backend server that stores passwords or analysis results. There is no database to breach.

Open Source Code

Our code is released under the MIT license. Anyone can read, audit, or fork it. Transparency is a feature, not an afterthought.

Works Offline

Because everything runs locally, PasswordScan works without an internet connection after the initial page load.

How the scoring works

Our engine checks 8 distinct factors to produce a score from 0 to 100.

1. Length Analysis

Longer passwords are exponentially harder to crack. We award up to 20 points for length, with bonus points at 16+ and 20+ characters.

2. Character Variety

Using uppercase letters, lowercase letters, numbers, and symbols expands the "search space" an attacker must check. Each category adds points.

3. Entropy Calculation

We calculate the mathematical entropy (bits of randomness) using the formula: length × log₂(charset size). Higher entropy = harder to crack.

4. Common Password Check

We check against a dictionary of 150+ most commonly used passwords. If your password matches, the score immediately drops to 0.

5. Sequential Pattern Detection

Patterns like "abc", "123", or "xyz" are trivially easy to guess. We detect these across alphabets, number sequences, and keyboard layouts.

6. Keyboard Pattern Detection

Keyboard walks like "qwerty", "asdfgh", or "zxcvbn" appear in every attacker's dictionary. We penalize these patterns heavily.

7. Repetition Penalty

Repeated characters like "aaa" or "111" reduce entropy significantly. We detect character runs and high character-frequency ratios.

8. Crack Time Estimation

Based on the entropy, we estimate how long it would take a modern GPU cluster making 10 billion guesses per second to crack the password.
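The entropy formula from factor 3 and the crack-time estimate from factor 8, as an added example that is not PasswordScan's own source code. The per-class charset sizes (printable ASCII) and the choice of a full search of the space rather than the average half are assumptions; the page does not state them.

```javascript
// Added example, not PasswordScan's code. Charset sizes are assumed:
// printable ASCII has 95 characters = 26 + 26 + 10 + 33 (symbols incl. space).
// Non-ASCII characters also fall into the "symbol" class here.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 },
];

const GUESSES_PER_SECOND = 1e10; // 10 billion, the rate stated on the page

// Size of the alphabet implied by the character classes actually present.
function charsetSize(password) {
  return CLASSES.reduce((n, c) => (c.re.test(password) ? n + c.size : n), 0);
}

// length × log2(charset size). This is an upper bound: it assumes every
// character was picked uniformly at random, which human passwords are not.
function entropyBits(password) {
  const size = charsetSize(password);
  return size === 0 ? 0 : password.length * Math.log2(size);
}

// Seconds to exhaust the whole search space (assumption: worst case).
function crackSeconds(password) {
  return Math.pow(2, entropyBits(password)) / GUESSES_PER_SECOND;
}

// Render a duration in the largest unit that fits.
function humanize(seconds) {
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60]];
  for (const [name, s] of units) {
    if (seconds >= s) return `${(seconds / s).toExponential(2)} ${name}`;
  }
  return seconds < 1 ? "under a second" : `${seconds.toFixed(0)} seconds`;
}

// Constructed sample inputs.
for (const pw of ["12345678", "aaaaaaaa", "Password123!"]) {
  console.log(pw, entropyBits(pw).toFixed(1) + " bits", humanize(crackSeconds(pw)));
}
```

Under the raw formula "Password123!" comes out at about 78.8 bits and over a million years, even though it is a dictionary word followed by a number sequence. That gap is why factors 4 through 7 have to override the entropy figure rather than merely adjust it.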

Released under the MIT License

PasswordScan is free and open source. Read the code, fork it, build on it. View the full MIT license →
