Password Input

Test password breach detection — does your browser's password manager flag a known leaked password while ignoring a strong unique one?

Test whether your browser's password manager flags leaked credentials. Each case below is a real sign-in form: type or paste the credentials into the empty fields, then submit. The browser only offers to save a password you entered yourself, and saving is what triggers the compromised-password check.

Submitting navigates to /api/login-test, which stores, logs, and forwards nothing — it only echoes back the username and password length. After submitting, accept the “Save password?” prompt, then check chrome://settings/passwords/check (Chrome/Edge), Settings → Passwords (Safari), or about:logins (Firefox).

Why the save prompt needs a real entry

Browsers offer to save a password only when you type or paste it into the field and the form then submits with a real navigation. Pre-filled or programmatically-set values are treated as untrusted and ignored, so the prompt — and the breach check that follows saving — never appears. That is why these fields start empty.

About

Browser password managers (Chrome, Safari, Edge, Firefox) check saved credentials against known data-breach corpora and warn when a password is compromised. A credential is only saved — and therefore only checked — after a real, navigating form submission; a JS-intercepted submit never prompts to save. This test provides two genuinely-submitting login forms that POST to a Pages Function (which stores nothing): Case 1 uses "123456", the most common breached password, and should be flagged as compromised; Case 2 uses a freshly generated 24-character random password that should pass. Both forms use standard autocomplete hints to integrate with autofill and the save-password prompt.

Password Input

Breached credential

Clean (strong, unique) credential