Vault Health
Vault Health scans your entire vault and flags passwords that are weak, reused across multiple accounts, or haven't been changed in a long time â then gives you a direct path to fix them.
Opening Vault Health
Tap the Health tab (heart icon) in the bottom navigation bar. The health dashboard runs an analysis of every password-type entry in your vault and groups issues into three categories: Weak, Reused, and Old. A summary count at the top shows your total number of flagged items.
All analysis is local
Vault Health runs entirely on your device. Your passwords are never sent anywhere â not to Silicon Scripted, not to any third-party breach database, not anywhere. The analysis reads your decrypted vault data in memory only.
Weak Passwords
An entry is flagged as weak when its password scores below a minimum strength threshold. Silicon Secure evaluates password strength based on a combination of factors:
- Length â Shorter passwords score lower regardless of complexity.
- Character variety â Using only lowercase letters, or only numbers, reduces the score.
- Common patterns â Sequential characters, keyboard walks (e.g.
qwerty), and repeated characters are penalized. - Dictionary words â Plain dictionary words, names, or common substitutions (e.g.
p@ssw0rd) score poorly.
Tap any entry in the weak list to open it, then tap Edit and use the inline password generator to replace it with a strong one.
Reused Passwords
An entry is flagged as reused when its password is identical to the password in at least one other vault entry. Password reuse is one of the most common causes of account compromise â if one site is breached and your password is leaked, every other account using that same password is immediately at risk.
The reused section groups entries by shared password so you can see which accounts share each duplicate. Tap any entry to update it with a unique generated password.
Prioritize reused passwords on important accounts
Focus first on reused passwords for high-value accounts â email, banking, work systems, and anything that can be used to reset other passwords. Changing those reduces your risk the most, even if you can't get to everything immediately.
Old Passwords
An entry is flagged as old when its password hasn't been updated in a significant amount of time. This isn't a hard security rule â a strong, unique password doesn't become weaker just because it's old â but it's a useful prompt for accounts you may have set up years ago with a weak password you've since forgotten about.
Reviewing old entries is also a good opportunity to check whether the account still exists, whether you've already switched to a passkey, or whether the entry is out of date and can be deleted.
Breach Detection Notifications
In addition to the Vault Health tab, Silicon Secure can notify you if an account associated with an email in your vault appears in a known data breach. This feature uses Have I Been Pwned's k-anonymity API â a privacy-preserving method where only a partial hash of your email is sent, so the full address is never transmitted.
To enable breach notifications, go to Settings â Breach Detection and turn on the toggle. You'll receive a notification if a match is found, with a link to the entry so you can update the password.
What k-anonymity means in practice
When checking for breaches, Silicon Secure sends only the first five characters of a SHA-1 hash of your email address â never the address itself. The server returns a list of all matching hash suffixes, and the comparison happens locally on your device. This means the breach checking service never learns which email was checked.
Fixing Issues Efficiently
The quickest way to work through the health list is to open an entry directly from the health dashboard, tap Edit, tap the wand icon to generate a new password, save it, and move to the next. The health dashboard updates in real time as you make changes, so you can watch your flagged count drop as you go.