Passwords & Accounts cybersecurity tools — SafeCadence

Username Leak Checker

Thu, 23 Apr 2026 17:00:33 +0000

Check if a username / email appears in public breach notices

Privacy: this tool lists all breaches publicly documented by Have I Been Pwned. It doesn't confirm whether YOUR specific email is in them — for that, use the Password Leak Checker (k-anonymity). This tool shows which breaches are known so you can cross-reference services you've used.

The post Username Leak Checker appeared first on SafeCadence.

Password Audit Tool

Thu, 23 Apr 2026 17:00:33 +0000

Bulk password audit

Read this first. The CSV export contains your passwords in clear text. This tool analyzes locally — nothing is sent. Delete the CSV immediately after you finish. Close the browser tab when done.

Paste CSV export (columns: name,url,username,password)

The post Password Audit Tool appeared first on SafeCadence.

Credential Stuffing Risk Checker

Thu, 23 Apr 2026 17:00:23 +0000

Credential Stuffing Risk Checker

How exposed are you to attackers reusing leaked credentials?

Privacy: answers stay in your browser. We do not record your responses.

1. Do you reuse passwords across 3+ important accounts?

Yes No / Not sure

If you reuse, one leak compromises all. Fix with a password manager.

2. Are any of your emails in a public breach (check HIBP)?

Yes No / Not sure

If yes, attackers have your credentials to try against other sites.

3. Is MFA enabled on your email, bank, and password manager?

Yes No / Not sure

MFA defeats credential stuffing — enable it everywhere.

4. Do you change leaked passwords within 48 hours of breach news?

Yes No / Not sure

Rapid rotation kills the credential-stuffing window.

5. Are your oldest account passwords 14+ characters?

Yes No / Not sure

Short old passwords are brute-forceable offline.

6. Do you have login alerts enabled (email on new device)?

Yes No / Not sure

First line of defense after a credential-stuff attempt.

7. Have you rotated passwords exposed in a breach in the last year?

Yes No / Not sure

If you saw a HIBP notification, did you act on it?

8. Do you keep track of which password was used where?

Yes No / Not sure

You cannot rotate what you cannot find.

9. Is your primary email on the free-email-provider allowlist for your bank (Gmail, Outlook)?

Yes No / Not sure

Self-hosted / obscure providers sometimes have weaker security.

10. Is your password manager's master password unique?

Yes No / Not sure

Master password reuse is the single biggest vulnerability.

Score

—

Answer the questions above to see your score.

The post Credential Stuffing Risk Checker appeared first on SafeCadence.

Password Reuse Checker

Thu, 23 Apr 2026 15:23:41 +0000

Password Reuse Checker

Walk through your most-used accounts and check if you're reusing passwords.

Privacy: answers stay in your browser. We do not record your responses.

1. Does your email password differ from your bank password?

Yes No / Not sure

If these match, a single leak is catastrophic. Split them today.

2. Is your password-manager master password unique (not reused anywhere)?

Yes No / Not sure

Reusing the master password for another site is a single point of failure.

3. Is your work account password different from personal email?

Yes No / Not sure

Work breach should not touch your personal life.

4. Does each bank / brokerage / crypto account have its own password?

Yes No / Not sure

Financial institutions compartmentalize for a reason. You should too.

5. Do your social media accounts use unique passwords?

Yes No / Not sure

Social media leaks happen often; don't let them pivot elsewhere.

6. Are shopping-site passwords unique from banking?

Yes No / Not sure

Retail sites are constant breach targets; isolate them.

7. Do you change old passwords that you know were reused?

Yes No / Not sure

If you ever reused a password, go change them now — password manager makes this fast.

8. Do you have a password manager generating unique passwords for new accounts?

Yes No / Not sure

This is the one habit that solves password reuse permanently.

9. Have you checked password-manager reports for duplicates?

Yes No / Not sure

1Password Watchtower, Bitwarden Reports, LastPass Security Challenge — use them.

10. Do you NEVER reuse variations ("password1", "password2")?

Yes No / Not sure

Attackers try trivial variations first. "Password!" = same as "Password1".

Score

—

Answer the questions above to see your score.

The post Password Reuse Checker appeared first on SafeCadence.

Account Takeover Risk Score

Thu, 23 Apr 2026 15:23:40 +0000

Account Takeover Risk Score

12-question risk score across your most important online accounts.

Privacy: answers stay in your browser. We do not record your responses.

1. Is every critical account (email, bank, password manager) on MFA?

Yes No / Not sure

MFA is the highest-impact ATO defence by 10x.

2. Are passwords unique across your top 10 accounts?

Yes No / Not sure

One leak breaks all reused accounts.

3. Have you checked Have I Been Pwned in the last 6 months?

Yes No / Not sure

Or use our Password Leak Checker / Username Leak Checker.

4. Are your passwords managed in a password manager?

Yes No / Not sure

Browser-autofill is not a password manager.

5. Are recovery emails and phone numbers current?

Yes No / Not sure

Old recovery options are a re-compromise path.

6. Do your passwords exceed 14 characters for critical accounts?

Yes No / Not sure

Short passwords are brute-forceable offline. Use our Password Generator.

7. Have you reviewed active login sessions in the last 3 months?

Yes No / Not sure

Google and Microsoft both show where you're logged in. Sign out of stale ones.

8. Are login alerts enabled (email on new device/location)?

Yes No / Not sure

Most platforms support this — turn it on everywhere.

9. Do you avoid using SMS for MFA where possible?

Yes No / Not sure

SIM-swap attacks beat SMS MFA. Use authenticator apps or hardware keys.

10. Have you checked for old / unused accounts and closed them?

Yes No / Not sure

Forgotten accounts with weak passwords = lateral movement paths.

11. Is your email provider's account secure (strong password + MFA)?

Yes No / Not sure

Email controls all password resets. Treat it like your crown jewel.

12. Do you use a hardware key (YubiKey) on at least one critical account?

Yes No / Not sure

$25 hardware key = phish-proof login.

Score

—

Answer the questions above to see your score.

The post Account Takeover Risk Score appeared first on SafeCadence.

MFA Readiness Checker

Thu, 23 Apr 2026 15:23:33 +0000

MFA Readiness Checker

12 questions — what MFA gaps you have and which to fix first.

Privacy: answers stay in your browser. We do not record your responses.

1. Is MFA enabled on your email account?

Yes No / Not sure

Email is the reset path for everything else. MFA here is non-negotiable.

2. Is MFA enabled on your bank and financial accounts?

Yes No / Not sure

Even if it's only SMS — turn it on today.

3. Is MFA enabled on your password manager master account?

Yes No / Not sure

If the password manager falls, everything falls.

4. Are you using an authenticator app (not SMS) where possible?

Yes No / Not sure

SMS codes can be SIM-swapped. Google Authenticator, Authy, 1Password Authenticator are all free.

5. Are recovery codes printed / saved to a safe you can actually find?

Yes No / Not sure

If your phone dies and you didn't save recovery codes, you're locked out. Print them.

6. Is MFA enabled on your work accounts (Google Workspace, Microsoft 365, etc.)?

Yes No / Not sure

Your admin may be able to enforce this for you.

7. Is MFA enabled on your social media accounts?

Yes No / Not sure

Account takeover on social leads to impersonation scams of your friends and family.

8. Is MFA enabled on shopping / delivery accounts storing card info?

Yes No / Not sure

Amazon/eBay/shopping accounts hold saved cards — lock them down.

9. Do you use a hardware key (YubiKey) for the most critical accounts?

Yes No / Not sure

Hardware keys are phish-proof. $25 gets you one and covers 99% of threats.

10. Do you know how to add a NEW MFA method if you lose your phone tomorrow?

Yes No / Not sure

Test your recovery path before you need it. Add a second authenticator device or hardware key.

11. Does your family / shared accounts also have MFA?

Yes No / Not sure

Attackers pivot through family members. Help them turn it on too.

12. Do you review MFA-active devices monthly (and remove old ones)?

Yes No / Not sure

Old phones listed as trusted devices are a lateral-movement risk. Remove them.

Score

—

Answer the questions above to see your score.

The post MFA Readiness Checker appeared first on SafeCadence.

Secure Passphrase Generator

Thu, 23 Apr 2026 13:36:22 +0000

Generate a passphrase

Privacy: runs entirely in your browser.

Words: 5

Separator

Capitalize each word Append a random number

Your passphrase

—

— · —

The post Secure Passphrase Generator appeared first on SafeCadence.

Password Leak Checker

Thu, 23 Apr 2026 13:36:22 +0000

Has this password been leaked?

Privacy promise: your password is hashed locally with SHA-1 and only the first 5 hex characters of the hash are sent to the Have I Been Pwned API (k-anonymity). HIBP never sees your full hash or password.

The post Password Leak Checker appeared first on SafeCadence.

Password Generator

Thu, 23 Apr 2026 13:36:21 +0000

Generate a secure password

Privacy promise: this runs entirely in your browser using window.crypto.getRandomValues. Nothing is sent to our servers.

Length: 20

Your password

—

Entropy: — bits · —

The post Password Generator appeared first on SafeCadence.

Password Strength Checker

Thu, 23 Apr 2026 12:36:26 +0000

Test a password

Privacy promise: this entire tool runs in your browser. The password you type is never sent over the network or written to disk.

Strength

—

Type a password above to see its score.

Length
0 characters

Charset size
0 possible chars

Entropy
0 bits

Crack-time assumes a modern offline GPU attacker (~10^11 guesses/sec). Online services with rate limits will take much longer to crack the same password.

The post Password Strength Checker appeared first on SafeCadence.