Simple UsageBad Passwd
is a simple app: you open it, enter a password, tap the Check Password button, and find out if the password has appeared in a data breach or password dump.
This app uses the Have I Been Pwned? API v2
) to check password hashes.
❓ The only permission required is Internet access.
💾 No user entered data is stored by the app.
⌨️ The hash prefix (first 5 characters of the SHA-1 hash of the password) is updated as you type a password and is displayed next to the Check Password button.
🌐 A tap of a button is required before an API request is made over the Internet, and the only URL that will be requested is https://api.pwnedpasswords.com/range/HASH, where HASH is that displayed next to the button.
⬆️ The only domain name accessed is api.pwnedpasswords.com, and redirects are disabled.
♿ Accessible to those using accessibility tools such as TalkBack.
👂 All visual hints of the app doing something in the background have a verbal equivalent for text to speech users.
🚫 For the password input screen of the app, taking screenshots is disabled.
🤐 Switching away from the app clears any entered password, clears the displayed results of any password hash lookup (including how many times it has appeared in data breaches), and resets the password visibility toggle.
👁️ The password visibility toggle is coloured a shade of red when passwords are displayed, as a compromise between security and functionality.
🌙 This app has a dark/night mode.