// password.checker

Live password strength analysis + cryptographically secure passphrase generator — free, client-side only

// PRIVACY: Runs entirely in your browser. Nothing you type is ever sent, stored, or logged.
No network requests are made. No data reaches our servers. The strength engine (zxcvbn) and the wordlist are served from the same origin as this page — zero external calls are possible.
// PASSWORD STRENGTH CHECKER
// type a password above — strength updates as you type
// PASSPHRASE GENERATOR

Diceware-style passphrases are long, random, and memorable — exactly what HIPAA password policies should require. Randomness comes from window.crypto.getRandomValues() — never Math.random().

Word selection uses rejection sampling to eliminate modulo bias.

6

6 words ≈ 54 bits of entropy from this wordlist

// SEPARATOR
// HIPAA & PASSWORD REQUIREMENTS

Weak or reused passwords are one of the top breach vectors for healthcare practices. HIPAA's Security Rule addresses password management directly in two places:

§164.308(a)(5)(ii)(D) — PASSWORD MANAGEMENT

HIPAA lists password management as an addressable implementation specification — meaning you must either implement procedures for creating, changing, and safeguarding passwords, adopt an equivalent measure, or document in writing why it is not reasonable and appropriate. It is not optional.

§164.312(a) — ACCESS CONTROL & UNIQUE USER IDENTIFICATION

Each user must have a unique name or number for identifying and tracking user identity. Shared logins and weak passwords directly violate this technical safeguard.

A single compromised staff credential can expose every patient record in your EHR. OCR investigators look at password policies in every compliance review — a missing or inadequate policy increases your exposure in all four civil penalty tiers.

// NEXT STEPS
Strong passwords are one line item in a complete access-control and password policy. HIPAA requires documented procedures covering creation, rotation, safeguarding, and termination workflows. Our Advanced Suite for healthcare includes a ready-to-sign Password & Access Control Policy, a Workforce Training Record, and 15+ other deliverables written for small practices — so you can close your policy gap without hiring a consultant.
→ VIEW ADVANCED SUITE FOR HEALTHCARE
Want to see your full HIPAA posture? Take the free HIPAA Readiness Check →
// DISCLAIMER — Strength estimates are based on the zxcvbn library and are for education only. No tool can guarantee a password is unbreakable; threat models vary. This is not legal advice. Consult qualified counsel for your specific HIPAA compliance posture.