Frequently Asked Questions

Can you trust this site?

Yes, you can. We don’t collect or store the passwords you enter on this site. We use the same tech to check them as you would find in Kaspersky Password Manager. You can find a detailed description with technical details below.

Furthermore, we constantly check our site’s security, and use a secure connection (SSL/TLS) to keep your data safe while it is being transmitted.

How do you test my password?

We check if your password can withstand brute-force attacks and hasn’t been exposed in any data breaches. Here’s how we do it, in detail.

First and foremost, we never transmit or store the password you enter. All checks happen locally on your end: your passwords never leave your device.

We don’t see your password either. Instead, we work with something called a “password hash”: a scrambled, unique set of characters derived from your password. For example, if your real password is “qwerty12345”, after we “hash” it, it would look like this: 4e17a448e043206801b95de317e07c839770c8b8.

We assess how strong your password is by analyzing how long it would take to crack its hash with brute-force methods — trying every possible password to match the given hash.

When it comes to checking for leaks, we use that same hash. First, the hash is calculated locally on your device. Then, a part of the hash (say, the first half) is sent to Kaspersky servers. Reconstructing the source password from this part is impossible. The server then returns a list of all the compromised hashes that start with the same characters. If your hash matches one on that list, it means the source passwords match too. And the key thing is, your actual password never leaves your device during this process.

Thus, checking for leaks this way is totally safe for you.
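
The prefix lookup described above, as an added sketch that is not Kaspersky's code: the client hashes locally, sends only part of the hash, and compares the returned candidates on the device. SHA-1 is an assumption inferred from the 40-hex-digit sample hash; `RangeServer`, `is_breached`, `prefix_len` and the breach list are hypothetical and constructed for the example.

```python
import hashlib
import hmac

# Constructed sample corpus standing in for the server's breach database.
BREACHED_PASSWORDS = ["qwerty12345", "123456", "password", "letmein", "dragon"]


def sha1_hex(password: str) -> str:
    # Assumption: SHA-1, inferred from the 40-hex-digit hash shown on the page.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


class RangeServer:
    """Hypothetical server: stores only hashes and answers prefix queries."""

    def __init__(self, passwords):
        self._hashes = sorted(sha1_hex(p) for p in passwords)
        self.seen_queries = []  # everything the server ever receives

    def query(self, prefix: str) -> list:
        self.seen_queries.append(prefix)
        # Return every compromised hash that starts with the same characters.
        return [h for h in self._hashes if h.startswith(prefix)]


def is_breached(password: str, server: RangeServer, prefix_len: int = 20) -> bool:
    """Client side: hash locally, send only a prefix, compare locally."""
    full_hash = sha1_hex(password)
    # prefix_len=20 is "the first half" of a 40-character hash; a shorter
    # prefix returns a larger bucket and tells the server less.
    candidates = server.query(full_hash[:prefix_len])
    # The password and the full hash stay on the client; only the match
    # decision is made here, against the returned candidates.
    return any(hmac.compare_digest(full_hash, c) for c in candidates)


if __name__ == "__main__":
    server = RangeServer(BREACHED_PASSWORDS)
    for pw in ("qwerty12345", "DryLandStandGift2015;)"):
        print(pw, "->", "leaked" if is_breached(pw, server) else "not found")
    print("server saw:", server.seen_queries)
```
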

What if I still don’t trust you?

Okay, let’s assume for a second that despite all the security measures we’ve laid out above, someone still somehow intercepts the password you entered on our site. To actually use it, they’d also need your username (login). Without it, the password itself is useless — it’s like losing your house keys somewhere on a busy highway in another country. If there’s no tag with your address or some other ID on those lost keys, your home isn’t really at risk. The same is true for your password.

How to create a strong password?

Here’s what your password should be so it never gets hacked:

  • First, long. If your password has at least 16 characters, cracking it could take over a year.
  • Second, diverse. A strong password should consist of different types of characters — uppercase and lowercase letters, numerals, and special characters. This makes it less predictable and, therefore, harder to guess.
  • Third, memorable. A password like DryLandStandGift2015;) is roughly as strong as a jumbled mess of characters like %Y]G9gWJ48zYkFBc@{nKw!’q. Hard to believe it at first glance, isn’t it? However, you’re far more likely to immediately forget the latter one. So, when coming up with a password, use mnemonic rules, or come up with your own way to remember it.
  • Fourth, unique. Create a new password for each online service. That way, if one gets hit by a data breach, you won’t have to go changing passwords everywhere.

Some browsers may offer to save the password you enter on a site, or to auto-fill a password previously saved for another service on this domain, such as My Kaspersky. We advise against it, however: browsers don’t make for the most secure password storage.

And to avoid having to remember all your passwords yourself, get a password manager. You’ll only have to remember one main password, and Kaspersky Password Manager handles the rest. We offer a detailed explanation of how it works here.

How do I protect my accounts from getting hacked?

  • First and foremost, use strong and unique passwords. See Creating an unforgettable password on our Kaspersky Daily blog for more details on creating a good password.
  • Enable two-factor authentication (2FA) everywhere you can. Stealing your password alone won’t be enough to compromise your account: the attacker would also need a one-time code to sign in. You can get these codes in text messages, but it’s much safer to generate and store them in a dedicated app such as Google Authenticator or our Kaspersky Password Manager. Some services support a special physical device like the YubiKey as the second authentication factor. You can learn more about 2FA in What is multi-factor authentication? and Types of two-factor authentication: pros and cons.
  • Regularly check where and when your accounts have been logged in to. If you see an unfamiliar device in the list, remove it and change your password.
  • Be careful about the verification info you choose for data recovery. Avoid security questions that can easily be answered by searching your social media, or just by guessing.