Understanding Password Health Scores and How to Improve Yours

← Back to Blog

You have a password manager. You have stored all your credentials. But how secure are they really? A password manager is only as strong as the passwords it holds. If half your vault is filled with "Password123" variations, you are not much better off than writing them on a sticky note.

That is where the password health score comes in. It is a single number that tells you how well your passwords are protecting you, and more importantly, where you need to improve.

What the Password Health Score Measures

The password health score in UnveilPass evaluates every credential in your vault across four dimensions:

• Strength — How resistant is each password to brute-force and dictionary attacks? This considers length, character variety (uppercase, lowercase, numbers and symbols) and common patterns.
• Reuse — Is the same password used across multiple sites? A single reused password means that one breach compromises all accounts sharing that password.
• Age — How long has the password been in use without being changed? Older passwords have had more time to be exposed through breaches or shoulder surfing.
• Breach status — Has the password appeared in known data breaches? UnveilPass checks this against known breach databases. Your full password is never sent to any external service.

How the Score Is Calculated

Each password in your vault receives an individual strength score based on the estimateStrength() algorithm. This function analyzes the password and returns a percentage score along with a label. The factors that influence individual password strength include:

• Length — Longer passwords score higher. A 16-character password scores significantly better than an 8-character one.
• Character diversity — Using a mix of uppercase letters, lowercase letters, numbers and symbols increases the score. A password using all four character types scores higher than one using only two.
• Pattern avoidance — Common patterns like sequential numbers (123456), keyboard walks (qwerty) and dictionary words reduce the score.
• Uniqueness — Passwords that are not reused across multiple entries receive a bonus. Reused passwords are penalized.

Your overall vault health score is an aggregate of all individual password scores, weighted by breach status and reuse. A single breached or widely-reused password can significantly drag down your overall score.

Understanding the Color Coding

UnveilPass uses a three-color system to make password health immediately visible at a glance:

• Red (Weak / 0-39%) — The password is critically weak. It could be cracked in seconds to minutes using common attack tools. Immediate action required.
• Orange (Fair to Good / 40-69%) — The password has some strength but is not adequate for sensitive accounts. It may be too short, lack character diversity or follow a common pattern.
• Green (Strong / 70-100%) — The password is strong and resistant to brute-force attacks. It uses sufficient length and character diversity.

In the vault table, each entry displays a strength bar in the Safety column using these colors. You can spot weak passwords instantly without opening each entry individually.

Common Problems That Lower Your Score

Problem 1: Weak Passwords

The most obvious issue. Passwords like "Summer2025!", "MyDogBuddy" or "Company123" feel personal and memorable but are trivially easy to crack. Attackers use dictionaries of common words, names, dates and patterns. If a human can remember it easily, an attacker's tool can guess it quickly.

Weak passwords typically share these traits:

• Fewer than 12 characters
• Based on dictionary words with simple substitutions (p@ssw0rd)
• Contain personal information (names, birthdays, pet names)
• Follow common patterns (Word + Number + Symbol)

Problem 2: Reused Passwords

Password reuse is the most dangerous habit in digital security. If you use the same password for your email and an online forum, a breach of that forum gives attackers direct access to your email. From there, they can reset passwords on every other account you own.

The UnveilPass health score penalizes reused passwords heavily. Even if the password itself is strong, using it on multiple sites turns a single breach into a cascading failure.

Problem 3: Old Passwords

A password that was strong when you created it three years ago may have since appeared in a breach you are not aware of. The longer a password remains unchanged, the more opportunities there are for it to be compromised through phishing, data breaches or surveillance.

While there is debate about mandatory rotation policies, passwords that have not been changed in over a year deserve a review, especially for high-value accounts like banking and email.

Problem 4: Breached Passwords

If your password appears in a known data breach database, it means attackers already have it in their dictionaries. It does not matter how strong it looks. A 20-character password that has been leaked is weaker than a fresh 12-character random password. Breached passwords should be changed immediately regardless of their apparent strength.

How to Improve Your Score: A Step-by-Step Plan

Step 1: Run the Password Health Scanner

Navigate to Password Health in the sidebar (under the Advanced menu). This page scans every entry in your vault and presents the results sorted by severity. Start with the entries marked in red.

Step 2: Run the Breach Scanner

Go to Breach Scanner in the sidebar. This checks each password against known breach databases. Any passwords that appear in known breaches are flagged immediately. These are your highest priority items.

Step 3: Replace Breached Passwords First

For each breached password, click the entry to open it, then visit the website and change your password. Use the UnveilPass generator to create a strong replacement. The generator creates passwords using your saved preferences (character types and length) so every new password meets your security standards.

Step 4: Eliminate Reused Passwords

The Password Health page highlights entries that share the same password. Work through these groups, changing each duplicate to a unique generated password. Start with the most sensitive accounts: email, banking and any account that could be used for password resets on other services.

Step 5: Strengthen Weak Passwords

For entries still showing orange or red in the Safety column, open each entry and replace the password with a generated one. A minimum of 16 characters with all character types enabled is a good baseline.

Step 6: Configure Your Generator Defaults

Visit the Generator page and configure your preferred password settings. Enable uppercase, lowercase, numbers and symbols. Set the length to at least 16 characters. Click Save as default so these preferences apply everywhere: the Generator page, the new entry form and the browser extension.

Step 7: Set Up Ongoing Monitoring

Enable Vault Modification Alerts in Settings to get notified when your vault changes. Check the Breach Scanner periodically as new breaches are added to the database regularly. Make password health reviews a monthly habit.

What a Good Score Looks Like

A healthy vault has these characteristics:

• Every entry shows a green strength bar (70%+ score)
• Zero reused passwords across any entries
• Zero passwords appearing in breach databases
• All passwords generated randomly (not human-created)
• Two-factor authentication enabled on the UnveilPass account itself

Achieving a perfect score takes effort initially, especially if you are migrating from years of reused passwords. But once you have replaced every weak and reused password with a unique generated one, maintaining the score is easy. Every new account gets a generated password automatically and your score stays green.