Password Strength Checker - Free Test of Your Password Security

Security Tool

Password Strength Checker

Test how strong your password is: get an entropy score, crack time estimate, breach check, and specific improvement tips. Nothing is stored or sent to any server.

100% CLIENT-SIDE | BREACH DATABASE CHECK | ENTROPY ANALYSIS
Frequently Asked Questions
Is my password sent to your server?
No. Everything in this tool runs entirely in your browser using JavaScript. Your password is never transmitted to blockaway.in or any third party. The breach check uses a k-anonymity technique: only the first 5 characters of a SHA-1 hash are sent to the Have I Been Pwned API, making it impossible to reconstruct your actual password from the request.
How is entropy calculated?
Entropy is calculated as log2(charset_size) × password_length, where charset_size is the combined size of the character classes that appear in the password (lowercase a-z = 26, uppercase A-Z = 26, digits 0-9 = 10, symbols = 32). Higher entropy means exponentially more possible passwords, making brute-force attacks harder. Each additional bit of entropy doubles the search space.
What makes a password truly strong?
Length matters more than complexity. A 20-character password using only lowercase letters has more entropy than a 10-character password using every character type. The combination of length (16+ characters), mixed character types, no dictionary words, and no personal information creates the strongest passwords. A passphrase (four random words joined together) is often both strong and memorable.
What does the breach check actually do?
The breach check queries the Have I Been Pwned database, a collection of over 10 billion compromised passwords from data breaches worldwide. It uses k-anonymity: your browser computes a SHA-1 hash of your password, sends only the first 5 characters to the API, and the API returns all hashes starting with those 5 characters. Your browser then checks locally whether your full hash appears in the results. Your actual password never leaves your device.
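The k-anonymity flow described in this answer and in the first answer above, as an added example that is not this tool's own code. It assumes the range response is one `SUFFIX:COUNT` entry per line; `fetchRange` and `makeFakeApi` are hypothetical names, and the fake API returns constructed data so the block runs offline.

```javascript
// Runs under Node so it can be checked offline; a browser page would get the
// same digest from crypto.subtle.digest("SHA-1", bytes).
const { createHash } = require("node:crypto");

const PREFIX_LEN = 5; // hash characters that leave the device, per the FAQ

// Split SHA-1(password) into the part that is sent and the part kept local.
function splitHash(password) {
  const hex = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, PREFIX_LEN), suffix: hex.slice(PREFIX_LEN) };
}

// Parse a range response: one "SUFFIX:COUNT" entry per line, CRLF or LF.
function parseRange(body) {
  const counts = new Map();
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-F]{35}):(\d+)$/i.exec(line.trim());
    if (m) counts.set(m[1].toUpperCase(), Number(m[2]));
  }
  return counts;
}

// fetchRange is a hypothetical transport callback: prefix in, response body out.
// Only the prefix crosses that boundary; the suffix is compared locally.
function breachCount(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return parseRange(fetchRange(prefix)).get(suffix) ?? 0;
}

// Constructed stand-in for the API (counts are invented, not real breach data).
// It records every request so the caller can inspect what was disclosed.
function makeFakeApi(breachedPasswords) {
  const seen = [];
  const fetchRange = (prefix) => {
    seen.push(prefix);
    const lines = breachedPasswords
      .map(splitHash)
      .filter((h) => h.prefix === prefix)
      .map((h) => `${h.suffix}:42`);
    lines.push("0".repeat(35) + ":0"); // zero-count decoy entry, never a hit
    return lines.join("\r\n");
  };
  return { fetchRange, seen };
}

const api = makeFakeApi(["password"]);
console.log(breachCount("password", api.fetchRange), api.seen);
```

The `seen` array is the complete record of what the remote side learns: a 5-character prefix per lookup, whether or not the password turns out to be in the list.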
My password is strong but still appeared in breaches, why?
A breach result means your exact password was found in a leaked database, not that someone cracked it. This happens when a service you used was hacked and stored your password in plaintext or with weak encryption. Even a strong, unique password can appear in breach databases if the site that stored it had poor security. If your password appears in breaches, change it immediately on all services where you use it.