Private by design: answers stay in your browser for this session. No account connections, no credentials, and no data is sent by the scan.
Threat Lab, answered plainly.
Do I enter any passwords or codes?
Never. The scan asks how your accounts are protected — it never asks for passwords, verification codes, or account access.
What is a “reset door”?
Any path that can take over an account without the password: SMS recovery on a hijackable number, a weak main email, old sessions, missing backup codes. Threat Lab maps which doors are open.
Is SMS 2FA safe enough?
Better than nothing, but it is the weakest common factor. Prefer an authenticator app, passkey, or security key for your main email and money accounts.
What do I get at the end?
An Exposure Index score (0–100) with a risk band, your First 3 Shields, and a downloadable Threat Lab Leak Map.
Is this incident response?
No — educational only. If an account is actively compromised, use the provider's official recovery process.