Why We Built a Password Auditor That Never Touches Your Passwords
Three months into ARK's Shield tier development, a customer emailed us a question that stopped the team mid-sprint: 'If you're checking my password health, doesn't that mean you have my passwords?' The honest answer was no. But the question made us realise we hadn't explained how it actually works.
The Password Problem Nobody Talks About
Most people don't know if their passwords are weak, reused, or already compromised in a breach. They also don't trust password managers, or they use one but haven't audited what they've saved. When we started building ARK, we kept hearing the same thing from our early users: 'I'd like to know if I'm at risk, but I'm not uploading my passwords anywhere.'
That wasn't a hard requirement we could ignore. It was the entire point. ARK is built for people who've already been burned by a data breach, or who are paranoid enough to avoid one. Telling them 'just give us your passwords so we can check them' would be asking them to break the one rule they live by.
So we had to think differently. Instead of asking for passwords, we needed to scan the device itself and compare what we found against known breach databases and common weakness patterns. The trade-off was complexity. The payoff was trust.
How It Actually Scans Your Device
Password health check lives inside the Shield tier. When you run it, ARK looks at the passwords stored on your phone in a way that respects your privacy. On iOS, we read from the secure keychain. On Android, we read from EncryptedSharedPreferences. We never store those passwords anywhere: not on our servers, not in our logs, not even in plain text on your device.
Here's what we actually scan for: reused passwords (the same password across multiple apps or services), weak passwords (common patterns, dictionary words, short strings), and compromised passwords (hashes matched against the Have I Been Pwned database). For the compromise check, we use a technique called k-anonymity. We send only a partial hash to HIBP, then process the results locally on your device. HIBP never sees your full password, and we never see your actual credentials.
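The k-anonymity lookup described above, sketched in Python as an added example (this is not ARK's code). It assumes the public HIBP Pwned Passwords range endpoint, which takes the first five characters of a SHA-1 hash; the function names, the offline_fetch stand-in for the HTTP call and the sample response with its counts are constructed for illustration.

```python
import hashlib

# HIBP Pwned Passwords range endpoint: only a 5-character hash prefix goes in the URL.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample response for prefix 5BAA6 (one SUFFIX:COUNT per line).
# Counts are made up; the zero-count row mimics a padding entry and the
# last line is deliberately malformed.
SAMPLE_BODY = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234",
    "00000000000000000000000000000000001:0",
    "not-a-valid-line",
])

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.
    The 5-char prefix is sent; the 35-char suffix stays on the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse a range response into {suffix: count}, skipping malformed
    lines and zero-count padding rows."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit() and int(count) > 0:
            found[suffix.upper()] = int(count)
    return found

def breach_count(password, fetch_range):
    """Breach occurrences for password (0 if absent from the response).
    fetch_range(prefix) returns response text; it never sees the password."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def offline_fetch(sent_log):
    """Stand-in for the HTTP GET of HIBP_RANGE_URL; records what was sent."""
    def fetch(prefix):
        sent_log.append(HIBP_RANGE_URL.format(prefix=prefix))
        return SAMPLE_BODY if prefix == "5BAA6" else ""
    return fetch

if __name__ == "__main__":
    sent = []
    print(breach_count("password", offline_fetch(sent)), sent)
```

The sent log holds everything that would cross the network: a URL ending in the five-character prefix, which the real password shares with every other candidate returned for that range.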
Once the scan finishes, ARK shows you a breakdown of what it found. If you have weak or reused passwords, the report tells you which apps are affected. Then you get a one-tap link that takes you directly to the password change screen in that app. We do the same thing with all the other scans; we identify the problem, then give you the fastest route to fix it.
Why We Didn't Build a Password Manager
Early in the design process, someone on the team suggested we just add password storage to ARK. Store them securely, audit them, let users manage them from one place. It made product sense. It made zero sense for who we are.
ARK is a security score tool. It's designed to identify risks and point you toward remediation. If we stored passwords, we'd become a target. We'd have liability. We'd have to maintain encryption at a scale that wasn't our core competency. We'd also be asking users to trust us with something that's not our job to hold.
The password manager market is crowded with solid options, many of them free or cheap. What's rare is a tool that audits your existing passwords without taking custody of them. So that's what we built. Password health check works because it's narrow in scope and honest about its limits. It doesn't replace a manager. It complements one.
What We Actually Tell You
When the scan runs, you get a simple report. The report shows you how many passwords are weak, how many are reused across apps, and how many have been compromised in a known breach. For each category, you see which apps are at risk. You also get a score contribution: your overall security credit score ticks up when you fix these issues.
We also flag edge cases. If you're using a password that was in a breach five years ago but no longer appears in active breaches, we still tell you. If a password is technically strong but identical to one you use elsewhere, we call that out. The goal isn't to scare you. It's to give you the information you actually need to make a decision about what to change and when.
One thing we deliberately didn't add: weekly alerts about new breaches. That's not our job either. Have I Been Pwned already does that well, and if you want active monitoring, you can set it up yourself or use a password manager that includes it. We stick to one job: run the audit, show you the results, let you decide what to do.
The Trust Question We Still Ask Ourselves
The hardest part of building password health check wasn't the engineering. It was deciding what we'd store and for how long. We store your email address and the encrypted hashes of weak or compromised passwords, but only on your device, in the same secure storage we use for all PII. We never sync them to a server. We never use them to build a profile. If you delete the app, they're gone.
This decision costs us something. We can't build cross-device auditing. We can't send you helpful reminders. We can't create a historical timeline of your password hygiene. We chose those trade-offs on purpose, because the alternative, which is 'we keep copies of this stuff in case you uninstall', felt like a betrayal of what ARK is supposed to be about.
Every time someone asks us if we're really not storing their passwords, I'm reminded that trust isn't something you get for free. You earn it by being boring about the things that matter. A boring company that doesn't store your passwords is infinitely more trustworthy than an exciting company that promises not to but has to hedge with terms and conditions.
If you've ever felt uncomfortable auditing your passwords because you didn't want to hand them over to anyone, password health check exists because we felt the same way. The question now is: how many other security tools are you using that make you compromise on something you shouldn't have to compromise on?