🛡️ Browser-only · Answers never uploaded

Identity Risk Score

✓ Processed entirely in your browser  ·  0 bytes sent  ·  Verify in DevTools

Eight questions, one composite score, prioritised actions. We measure exposure across passwords, email, identity reuse, 2FA coverage and device hygiene — and surface the highest-leverage fixes first.

How the Score Works

Each question carries a weight. We sum penalties (bad answers) and bonuses (good answers), normalise to 0–100, then group the result into low (0–30), medium (31–60) and high (61–100) risk bands.

What this tool does

This is a short questionnaire that turns how you actually manage your accounts — how many you have, whether you reuse passwords, whether two-factor authentication is on, how much of your personal data is already public — into a single 0–100 risk score with a prioritised list of what to fix first.

How to use it

  1. Answer each question honestly — there are no wrong answers, only your real situation.
  2. Read your composite score and, more importantly, the ranked next steps.
  3. Fix the top one or two items, then re-take it to see the score move.

Why the combination matters more than any single answer

Identity risk is rarely about one thing. Having lots of online accounts is fine if each has a unique password and 2FA. Reusing one password is survivable if that account doesn't matter. The danger is the combination: many accounts, plus reused passwords, plus no 2FA, plus personal details already floating around in old breaches. A score is useful precisely because it weighs those together instead of letting you fixate on one reassuring or alarming detail.

Being the unofficial "tech person" for friends and colleagues across two decades in IT support, the question I got most after any data-breach headline was simply "should I be worried?" People wanted a yes or a no, and the honest answer was always "it depends what else is true." The person panicking about one leaked password who had 2FA everywhere was basically fine. The calm person who shrugged "it's just one password" but used that same password on forty sites with no 2FA was the one genuinely exposed. You can't answer "should I worry" from a single fact — you have to look at the stack. That's the whole point of scoring the combination rather than any one item.

— Hill, 20 years in IT support

Your answers are processed entirely in your browser to compute the score. There's no account and nothing is uploaded.

Frequently asked questions

How is the score calculated?

Each answer contributes a weighted amount of risk — things like password reuse, missing 2FA, account volume and public exposure — combined into a single 0–100 figure, with the biggest contributors surfaced as your top fixes.

Do you store my answers?

No. The questionnaire runs in your browser and the score is computed locally. Nothing you select is uploaded or saved to a server.

What should I fix first?

Follow the ranked steps. Usually the highest-impact moves are replacing reused passwords with unique ones and turning on two-factor authentication for your most important accounts (email first).

Is a high score an emergency?

Treat it as a prompt, not a panic. It means several risk factors stack up for you — work through the top items in order and re-check. Steady fixes lower the score quickly.

More Privacy Tools

🛡️

Privacy Dashboard

Track score + vault + alerts.

🔍

Data Leak Checker

Breach lookup.

📱

Device Checklist

Hardening steps.