CyberSec Insight

Solo-authored blog, free security tools, defense-sector focus.

No login required

Password generator & security tools

Secure password generator, in-browser strength meter, breach check, SHA-256 hash, and DoD/CMMC policy helper. No sign-up. We do not store what you enter.

Other hubs: Tools catalog · Scan dashboard · Email DNS (MX, SPF, DKIM, DMARC) · GUID / UUID converter

Password & hash tools

For website scans, domain email DNS (MX, SPF, DKIM, DMARC), and phishing checks, use the tools catalog or scan dashboard.

Random password generator

Choose a style below and generate a password. Copy and use it where you need it. Nothing is stored.

Check if your password has been exposed

Uses the free Pwned Passwords API. Your password is hashed in your browser; only the first 5 characters of the hash are sent. We never see or store your password.

Password strength meter

Type a password to see how strong it is. Nothing is sent or stored.

SHA-256 hash

Hash text in your browser. Nothing is sent or stored.

DoD / CMMC password policy checker

Check if a password meets common DoD/NIST-style requirements (for reference only; confirm with your SSP).

If you've been breached or attacked, do this now

Immediate steps and short videos when your account was compromised or your phone is at risk.

Account compromised (email in a breach or account hacked)

  1. Change the password on the breached site and everywhere you reused it.
  2. Turn on 2FA (authenticator app or hardware key, not SMS if you can avoid it).
  3. Check bank and email for suspicious logins; revoke unknown sessions.
  4. Use a password manager so every account has a unique, strong password.
  5. Assume you'll get more phishing; be extra careful with links and attachments.

Watch: Have I been Pwned and What to do if you have been in a data breach · Troy Hunt, Have I Been Pwned (GOTO 2023)

Phone taken over, SIM swap, or phone hacked

  1. Contact your carrier immediately; say you suspect SIM swap or fraud and ask to lock the number and restore service to your SIM.
  2. Change passwords for email, banking, and critical accounts (attackers often use your number for 2FA reset).
  3. Move 2FA off SMS to an authenticator app or hardware key where possible.
  4. Check for unknown devices or sessions in Google, Apple, and banking apps; sign them out.
  5. Consider a PIN or port-freeze with your carrier to block future SIM transfers.

Watch: Your phone got hacked, what to do (Kurt the CyberGuy) · 7 steps to prevent a SIM swap hack

What about my phone number?

Your number can still end up in breach dumps, spam lists, or sold by data brokers. Best practices:

  • Use your number only where you must (e.g. 2FA, banking), not for random sign-ups.
  • Prefer app-based 2FA (Authenticator, passkeys) over SMS when you can.
  • If you get unexpected 2FA codes or password-reset emails, assume a sign-up or probe; change passwords and review account security.

← Back to home