📖 Overview
Security posture is strongest at the weakest credential set.
This calculator converts common password hygiene signals into one exposure score for triage.
Use it to prioritize resets unique passwords and 2FA rollout by impact.
🧪 Example Scenarios
Use these default and higher-pressure example inputs to explore how sensitive this calculator is before using your real numbers.
| Input | Base Case | Higher Pressure Case |
|---|---|---|
| Reused Password Groups | 6 | 6.9 |
| Breached Services Count | 14 | 16.1 |
| 2FA Coverage (%) | 35 | 42 |
| Critical Accounts Count | 8 | 9.2 |
⚙️ How It Works
Estimates takeover exposure from password reuse, breach history, 2FA coverage gaps, and account criticality.
The Formula
Exposure Score = weighted(reuse, breaches, critical accounts, missing 2FA)
| Reuse Groups | Credential reuse clusters across services |
| Breached Services | Known services with prior credential exposure |
| 2FA Coverage | Share of accounts protected with strong second factor |
| Critical Accounts | Accounts with high financial/identity impact if compromised |
💡Best first intervention is usually unique passwords + 2FA on high-impact accounts.
Quick Reference
| Score band | Risk level | Priority response |
|---|---|---|
| 0-34 | Low | Maintain hygiene checks |
| 35-59 | Moderate | Reduce reuse and patch 2FA gaps |
| 60-79 | High | Immediate credential reset program |
| 80-100 | Severe | Incident-style remediation sequence |
When To Use This
- Use this tool when you need a fast decision during active planning or execution.
- Use this before committing money, time, or tradeoffs that are hard to reverse.
- Use this to compare options using the same assumptions across scenarios.
Edge Cases To Watch
- Results can be misleading if key inputs are missing, stale, or unrealistic.
- Very small or very large values may amplify rounding effects and interpretation risk.
- If assumptions change mid-decision, recalculate before acting.
Practical Tips
💡 Top fix: eliminate reuse and enable 2FA on high-impact accounts first.
💡 Use password manager-generated unique credentials per service.
💡 Review breach-monitor alerts monthly and rotate exposed credentials fast.
Frequently Asked Questions
❓ Is this a breach detector?
No, it is a risk-scoring model based on your posture.
❓ Why does 2FA matter so much?
It significantly reduces account-takeover likelihood after password leaks.