Device Security Score

Device Security Score

15-question device-hygiene score for your laptop or phone.

Privacy: answers stay in your browser. We do not record your responses.

1. Is full-disk encryption enabled (BitLocker, FileVault, iOS/Android auto)?

Yes No / Not sure

A lost device without encryption = a data breach. Enable it now.

2. Is automatic OS update on?

Yes No / Not sure

Out-of-date OS is the #1 malware infection vector for consumer devices.

3. Is the device's lock screen set to lock within 5 minutes of idle?

Yes No / Not sure

Shoulder-surfing and casual access attacks happen. Lock fast.

4. Does the device require a PIN/password/biometric to unlock?

Yes No / Not sure

No swipe-to-unlock. Even a 6-digit PIN is meaningful friction.

5. Is Find My Device / Find My iPhone enabled?

Yes No / Not sure

Remote-wipe a lost device in seconds. Enable this now if you haven't.

6. Are apps installed only from official stores (not sideloaded APKs)?

Yes No / Not sure

Side-loaded apps are the #1 Android malware vector.

7. Do you review app permissions at least every 6 months?

Yes No / Not sure

Microphone, location, contacts — most apps have permissions they don't need.

8. Is the device antivirus / built-in protection enabled (Defender, XProtect)?

Yes No / Not sure

Windows Defender is on by default and is fine for most people. Don't disable it.

9. Are unused apps removed (not just from home screen — actually uninstalled)?

Yes No / Not sure

Every installed app is attack surface. Prune quarterly.

10. Is the firewall enabled (macOS/Windows built-ins)?

Yes No / Not sure

Both ship with a firewall. Turn it on.

11. Is Bluetooth off when not in use?

Yes No / Not sure

Old Bluetooth stacks have exploitable vulns. Toggle off when not paired.

12. Is the device's screen auto-lock timeout ≤ 2 minutes when mobile?

Yes No / Not sure

Phone left on the coffee shop table for 10 min is free access.

13. Do you reboot the device at least monthly?

Yes No / Not sure

Regular reboots clear a lot of memory-resident malware and apply pending OS updates.

14. Do you run backups (Time Machine, Windows Backup, iCloud, Google One)?

Yes No / Not sure

If ransomware hits, your backup is your only path back.

15. Is the device inventoried / documented somewhere you can find?

Yes No / Not sure

Serial number, purchase receipt. Critical for lost/stolen claims and insurance.

Score

—

Answer the questions above to see your score.

Home WiFi Security Checker

Home WiFi Security Checker

10 questions about your home router and WiFi setup — find the 3 things to fix.

Privacy: answers stay in your browser. We do not record your responses.

1. Is your WiFi using WPA2 or WPA3 (not WEP or open)?

Yes No / Not sure

WEP is broken; open WiFi is exposed. Switch to WPA2 at minimum, WPA3 if your router supports it.

2. Did you change the router's default admin password?

Yes No / Not sure

Default passwords are indexed in public databases. Change it today.

3. Is the router's firmware up to date?

Yes No / Not sure

Log into the admin page, look for "firmware" or "update." Many consumer routers haven't been updated in years.

4. Is WPS (WiFi Protected Setup) disabled?

Yes No / Not sure

WPS has known attacks. Disable it if your devices don't require it.

5. Is the WiFi password at least 14 characters?

Yes No / Not sure

Short WPA2 passwords can be cracked offline in days. 14+ mixed characters pushes that to decades.

6. Is a separate guest network enabled for visitors / IoT?

Yes No / Not sure

Isolate smart TVs, doorbells, and visitor devices from your laptops on a guest VLAN.

7. Is remote management / admin-from-WAN disabled?

Yes No / Not sure

Attackers scan the internet for exposed router admin pages. Turn it off unless you need it.

8. Is the router less than 5 years old?

Yes No / Not sure

Most consumer routers stop receiving security updates around year 5. If you're past that, replace it.

9. Have you reviewed connected devices recently?

Yes No / Not sure

Most router admin pages show every device — check for unfamiliar ones.

10. Is DNS set to a secure resolver (1.1.1.1, NextDNS, Quad9)?

Yes No / Not sure

Stops connections to known-malicious domains at the DNS layer.

Score

—

Answer the questions above to see your score.

Browser Security Checker

Browser Security Checker

10 questions — is your browser protecting you like it should?

Privacy: answers stay in your browser. We do not record your responses.

1. Is your browser on its latest version (auto-update on)?

Yes No / Not sure

Chrome, Firefox, Edge, Safari all auto-update. Open about: and verify.

2. Have you reviewed installed extensions in the last 6 months?

Yes No / Not sure

Extensions can read everything you type. Prune to what you actually use.

3. Do you use a content blocker (uBlock Origin) or the browser's built-in tracker block?

Yes No / Not sure

Beyond ads: blocks known malicious domains and trackers.

4. Is HTTPS-only mode enabled?

Yes No / Not sure

Firefox and Chrome both support "HTTPS-only" that blocks plain HTTP pages.

5. Is the browser's Safe Browsing / anti-phishing protection on?

Yes No / Not sure

Chrome: Settings → Privacy → Safe Browsing. Firefox: equivalent under Privacy.

6. Do you use browser profiles to separate work and personal sessions?

Yes No / Not sure

Profile isolation contains compromise and reduces cross-site tracking.

7. Are third-party cookies blocked or restricted?

Yes No / Not sure

Firefox and Safari block by default. Chrome has "Block third-party cookies" option.

8. Is autofill restricted to a password manager (not the browser's built-in)?

Yes No / Not sure

Browser autofill leaks credentials to malicious scripts. Use 1Password / Bitwarden instead.

9. Are unused browsers uninstalled from your device?

Yes No / Not sure

That dusty old Edge / Internet Explorer you never use is still a target.

10. Do you routinely clear cookies / site data for sites you don't return to?

Yes No / Not sure

Or use "clear on exit" for third-party sites.

Score

—

Answer the questions above to see your score.

Privacy Score Checker

Privacy Score Checker

12 questions — privacy posture across browser, OS, and accounts.

Privacy: answers stay in your browser. We do not record your responses.

1. Do you use a browser that blocks trackers by default (Firefox, Brave, Safari)?

Yes No / Not sure

Chrome without extensions sends a lot of telemetry. Firefox or Brave block most trackers automatically.

2. Is uBlock Origin (or equivalent content blocker) installed?

Yes No / Not sure

uBlock Origin is free, open-source, and blocks most ad and tracking networks.

3. Do you review app permissions on your phone monthly?

Yes No / Not sure

Apps collect location, contacts, microphone access. Settings → Privacy → review each.

4. Is your primary email with a privacy-respecting provider (Proton, Fastmail) or have you turned off ad personalization in Gmail?

Yes No / Not sure

Ad-supported email scans content for ads. Either switch or disable personalization.

5. Do you use a password manager (not browser-autofill)?

Yes No / Not sure

Dedicated password managers isolate credentials from your browser profile.

6. Have you opted out of major data brokers in the last year?

Yes No / Not sure

Services like DeleteMe, Privacy Bee, or manual opt-outs via Intelius/Spokeo help.

7. Do you use "Sign in with Apple" or a masked email for random signups?

Yes No / Not sure

Hide My Email / Firefox Relay / SimpleLogin prevent leak spread.

8. Is location services OFF by default (only enabled per-app when needed)?

Yes No / Not sure

Most apps don't need "always" location. Switch to "while using" or off.

9. Are ad IDs reset monthly on your phone?

Yes No / Not sure

iOS: Settings → Privacy → Tracking → off. Android: Settings → Privacy → Ads → delete advertising ID.

10. Do you use DNS over HTTPS / a privacy-respecting DNS (1.1.1.1, NextDNS)?

Yes No / Not sure

Your ISP sees every DNS lookup by default. Switch to 1.1.1.1 or NextDNS in 2 minutes.

11. Are social media accounts set to friends-only / non-discoverable?

Yes No / Not sure

Public profiles are the primary research source for scammers and stalkers.

12. Do you check HaveIBeenPwned for your email at least quarterly?

Yes No / Not sure

Or use our Password Leak Checker and Username Leak Checker — free, no signup.

Score

—

Answer the questions above to see your score.

MFA Readiness Checker

MFA Readiness Checker

12 questions — what MFA gaps you have and which to fix first.

Privacy: answers stay in your browser. We do not record your responses.

1. Is MFA enabled on your email account?

Yes No / Not sure

Email is the reset path for everything else. MFA here is non-negotiable.

2. Is MFA enabled on your bank and financial accounts?

Yes No / Not sure

Even if it's only SMS — turn it on today.

3. Is MFA enabled on your password manager master account?

Yes No / Not sure

If the password manager falls, everything falls.

4. Are you using an authenticator app (not SMS) where possible?

Yes No / Not sure

SMS codes can be SIM-swapped. Google Authenticator, Authy, 1Password Authenticator are all free.

5. Are recovery codes printed / saved to a safe you can actually find?

Yes No / Not sure

If your phone dies and you didn't save recovery codes, you're locked out. Print them.

6. Is MFA enabled on your work accounts (Google Workspace, Microsoft 365, etc.)?

Yes No / Not sure

Your admin may be able to enforce this for you.

7. Is MFA enabled on your social media accounts?

Yes No / Not sure

Account takeover on social leads to impersonation scams of your friends and family.

8. Is MFA enabled on shopping / delivery accounts storing card info?

Yes No / Not sure

Amazon/eBay/shopping accounts hold saved cards — lock them down.

9. Do you use a hardware key (YubiKey) for the most critical accounts?

Yes No / Not sure

Hardware keys are phish-proof. $25 gets you one and covers 99% of threats.

10. Do you know how to add a NEW MFA method if you lose your phone tomorrow?

Yes No / Not sure

Test your recovery path before you need it. Add a second authenticator device or hardware key.

11. Does your family / shared accounts also have MFA?

Yes No / Not sure

Attackers pivot through family members. Help them turn it on too.

12. Do you review MFA-active devices monthly (and remove old ones)?

Yes No / Not sure

Old phones listed as trusted devices are a lateral-movement risk. Remove them.

Score

—

Answer the questions above to see your score.

SMB Cyber Risk Score

SMB Cyber Risk Score

20 questions — get an actionable risk score and the top things to fix first.

Privacy: answers stay in your browser. We do not record your responses.

1. Is MFA enforced on every admin and email account?

Yes No / Not sure

Multi-factor authentication is the single highest-impact control. Turn it on everywhere administrative.

2. Do all endpoints have EDR/antivirus with automatic updates?

Yes No / Not sure

Modern EDR (Windows Defender for Business, SentinelOne, CrowdStrike) is table stakes.

3. Are backups automated, offsite, and tested for restore at least quarterly?

Yes No / Not sure

A backup you haven't tested to restore is a backup you don't have.

4. Do you have a documented password policy (or a password manager mandated)?

Yes No / Not sure

Deploy 1Password / Bitwarden / Dashlane company-wide. Password policies alone don't work.

5. Is every laptop full-disk encrypted (BitLocker, FileVault)?

Yes No / Not sure

A lost laptop becomes a breach without disk encryption. Both Windows and macOS ship with it free.

6. Do you run phishing simulations or security-awareness training at least yearly?

Yes No / Not sure

Even basic free training (KnowBe4 free tier, Hoxhunt) reduces click-through on real phishing.

7. Are OS and application patches applied within 30 days of release?

Yes No / Not sure

Most ransomware exploits known vulnerabilities patched months ago. Close the window.

8. Do you have a written incident response plan (even one page)?

Yes No / Not sure

When a breach happens you don't want to be googling "what to do." Write it now.

9. Are contractor / ex-employee accounts disabled within 24 hours of offboarding?

Yes No / Not sure

Dormant accounts are a favourite attacker pivot. Automate offboarding checklists.

10. Is the Wi-Fi network segmented so guest devices can't reach internal hosts?

Yes No / Not sure

Most business routers support VLAN or guest-network separation. Turn it on.

11. Do you use SSO (Google, Microsoft 365, Okta) for the SaaS tools you can?

Yes No / Not sure

SSO means one place to disable access for departed employees, and one place to enforce MFA.

12. Do you have cyber insurance, and know what it excludes?

Yes No / Not sure

Insurance is a financial safety net, not a control. Read the exclusions before an incident.

13. Is critical data categorized and access-controlled (not everyone-can-read)?

Yes No / Not sure

Least-privilege access on anything sensitive: HR, finance, customer PII.

14. Are vendor security posture questionnaires reviewed before signing SaaS contracts?

Yes No / Not sure

Your weakest vendor is your effective security floor. Ask for SOC 2 + DPA at minimum.

15. Do you have a formal response plan for wire-fraud / BEC attempts?

Yes No / Not sure

BEC is the #1 financial cyber loss. Require out-of-band verification for any money movement.

16. Is logging enabled and retained (email, auth, file-share access) for at least 90 days?

Yes No / Not sure

Without logs you can't investigate anything. Most platforms log for free — just enable it.

17. Are shared drives organized so sensitive folders have access-controlled permissions?

Yes No / Not sure

Walk your Google Drive / OneDrive — would a new hire see things they shouldn't?

18. Do you run external vulnerability scans on your public IPs / websites quarterly?

Yes No / Not sure

Free tools like SSL Labs, SafeCadence's Security Headers Checker cover the basics.

19. Is there a process to review privileged-account usage (admin, root) monthly?

Yes No / Not sure

Rotate privileged creds + review access logs once a month; takes 20 minutes.

20. Do you have a named security owner (even if it's part-time)?

Yes No / Not sure

If security is "everyone's job" it's no-one's job. Name one person accountable.

Score

—

Answer the questions above to see your score.

Reverse DNS Lookup

Reverse DNS (PTR) lookup

IP address

Look up →

MD5 Hash Checker

MD5 hash

Legacy tool. MD5 is broken for cryptographic purposes — use for file-integrity checks only.

Text

Or a file

Expected hash (for verification)

MD5 (hex)

—

—

Robots.txt Checker

Inspect robots.txt

Origin

Fetch →

HTTP Header Viewer

HTTP headers

URL

Method GETHEAD

Fetch →