🎯 How Hackable Are You? — Personal Security Self-Assessment

15 questions across passwords, MFA, phishing awareness, device security, network safety, and personal-data hygiene. Two minutes. Get a 0-100 score, a letter grade, and personalised tips for your weakest categories.


    How the assessment works

    The quiz runs entirely in your browser — your answers never leave your device, are never logged, and are never sent to any server. Each of the 15 questions has 4 answer options worth between 1 and 10 points, scored on how secure that behaviour is. The maximum possible total of 150 points is normalised to a 0-100 score, then mapped to a letter grade (A+ for the strongest results, F for the weakest).

    The 6 categories. Questions are distributed across passwords (manager use, length, reuse), MFA (whether you use it, what type), phishing awareness (recognition habits, click discipline), device security (updates, lock screens, backups), network safety (public Wi-Fi habits, VPN use), and personal-data hygiene (sharing patterns, account exposure). Each category contributes roughly equal weight to the overall score.

    Personalised tips. The results screen sorts your category scores from lowest to highest and surfaces specific recommendations for your weakest 2-3 categories. The tips section is initially blurred — sharing your score on any platform unlocks it. No signup, no email, no account creation; just a one-click share unlocks the personalised plan.

    What this quiz is NOT. It is a self-assessment of your stated habits, not a security audit of your actual behaviour. It does not run scans against your accounts, does not check whether your passwords are breached (use the Password Breach Checker for that), does not test your phishing-recognition reflexes (try a real phishing-simulation platform if you need that), and does not measure whether you actually do what you say you do. Treat the score as a directional indicator and a starting point for habit improvement.

    Five real-world use cases

    Self-assessment baseline before improving security habits

    Take the quiz once today, write down your score, then work through the personalised tips for your weakest categories over the next month. Re-take the quiz at the end of the month — the score should have improved if you actually adopted the tips. This is how habit-improvement loops work in any domain: measure, change, re-measure.

    Family / friend education in 2 minutes

    Send the quiz link to family members or friends who do not work in security. The 2-minute format and personalised tips give them an actionable starting point without any prerequisite knowledge. Particularly valuable for older relatives who feel overwhelmed by security advice — the quiz makes it concrete and personal rather than abstract and generic.

    Onboarding new team members to security awareness

    For non-security teams getting their first onboarding (engineering hires, marketing hires, finance hires), the quiz is a quick way to surface where their personal security habits sit before deeper training. It also normalises that "everyone has gaps" — even security professionals scoring the quiz honestly will find at least one weak category. Reduces the defensiveness that comes from feeling judged on security knowledge.

    Pre-flight check before formal security training

    If your team is about to take formal security awareness training (KnowBe4, Hoxhunt, Living Security), having everyone take this quiz first gives the trainer a baseline of where attention is needed most. Trainers can adapt content emphasis based on which categories show the lowest team-average scores rather than running a generic curriculum that wastes time on areas everyone already does well.

    Post-incident reflection after a security scare

    If you (or someone you know) recently fell for a phishing email, had an account compromised, or lost a device, take the quiz to think systematically about what other categories might have similar gaps. Incidents reveal habits in one category but the same underlying habits often manifest across other categories too. The quiz forces you to look at all 6 areas, not just the one that caused the recent incident.

    Common mistakes & edge cases

    Gaming the quiz to get a higher score

    Tempting because the share image looks better with a higher grade — but the personalised tips are based on your honest weak categories. Gaming to A+ removes the entire value of the quiz. The score is for you, not for the share card. Answer honestly even when the honest answer is uncomfortable.

    Treating an A+ grade as "perfectly secure"

    A+ means your habits are strong across all 6 measured categories. It does NOT mean you are uncrackable. The quiz cannot test categories not measured (email account exposure, secret-question hygiene, browser extension risk, supply-chain attacks via apps you trust). High score means you are not the easy target — it does not mean you are safe.

    Ignoring weak categories because the overall score looks fine

    A B+ overall score with one F-grade category is much riskier than a B+ overall with even C-grades across the board. The weak category is the breach path. Average scores hide the actual risk pattern. Always look at the per-category breakdown, not just the overall number.
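The scoring described under "How the assessment works" and the weakest-category point above, as an added example (not the quiz's own code). The split of the 15 questions across the categories and both answer profiles are constructed assumptions; the two profiles reach the same overall score with very different weakest categories.

```javascript
// Added example, not the quiz's own code. Profiles below are constructed.
const MAX_POINTS = 10; // page: each answer is worth 1 to 10 points

// Flatten { category: [points, ...] } into one answer record per question.
function toAnswers(profile) {
  return Object.entries(profile).flatMap(([category, pts]) =>
    pts.map((points) => ({ category, points })));
}

function scoreQuiz(answers) {
  if (answers.length === 0) throw new RangeError("no answers given");
  const perCategory = new Map();
  let total = 0;
  for (const { category, points } of answers) {
    if (!Number.isInteger(points) || points < 1 || points > MAX_POINTS) {
      throw new RangeError(`invalid points for ${category}: ${points}`);
    }
    const c = perCategory.get(category) || { sum: 0, count: 0 };
    c.sum += points;
    c.count += 1;
    perCategory.set(category, c);
    total += points;
  }
  // Normalise each category to 0-100, then sort lowest first.
  const categories = [...perCategory]
    .map(([name, { sum, count }]) => ({
      name,
      percent: Math.round((sum / (count * MAX_POINTS)) * 100),
    }))
    .sort((a, b) => a.percent - b.percent);
  return {
    overall: Math.round((total / (answers.length * MAX_POINTS)) * 100),
    floor: categories[0].percent, // score of the weakest category
    weakest: categories.slice(0, 3).map((c) => c.name),
    categories,
  };
}

// Assumed split of the 15 questions: 3 + 3 + 3 + 2 + 2 + 2.
const evenProfile = toAnswers({ passwords: [8, 8, 8], mfa: [8, 8, 8],
  phishing: [8, 8, 9], device: [8, 8], network: [8, 8], data: [8, 9] });
const spikyProfile = toAnswers({ passwords: [10, 10, 10], mfa: [1, 1, 1],
  phishing: [10, 10, 10], device: [10, 10], network: [10, 10], data: [10, 9] });

for (const [label, answers] of [["even", evenProfile], ["spiky", spikyProfile]]) {
  const r = scoreQuiz(answers);
  console.log(label, "overall:", r.overall, "floor:", r.floor, "weakest:", r.weakest);
}
```

Both profiles total 122 of 150 points, so the overall number alone cannot tell them apart; only the sorted per-category list shows the MFA gap.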

    Taking it once and never retaking

    Habits change over time — usually for the worse without ongoing attention. Retake the quiz quarterly to track whether you are improving or sliding. Most people who take security quizzes once forget to apply the lessons within a few weeks; the retake habit catches the slide and triggers re-engagement with the tips.

    Sharing actual security details on social media

    The share buttons share your score and grade only — never your specific answers, never which weak categories you have, never any actual security details. If you decide to share publicly, the share card image is safe. Be careful about commentary you add to the share — "I scored an F because I reuse my Gmail password everywhere" is information attackers can use against you.

    Using this as a substitute for real security audits

    For personal use, a self-assessment is appropriate. For professional contexts (organisations handling regulated data, teams operating critical infrastructure, anyone with specific compliance requirements), this quiz does not replace real security audits, penetration tests, or compliance assessments. Use it as a personal habit-improvement tool, not as evidence of organisational security maturity.

    Frequently Asked Questions

    It is a self-assessment, not a security audit. The quiz measures your stated security habits across six categories — passwords, MFA, phishing awareness, device security, network safety, and personal-data hygiene — and computes a 0-100 score based on the sum of category scores. It catches the obvious gaps (no password manager, no MFA, reused passwords, sharing habits) but does not test technical skill, run scans, or check whether you actually do what you say you do. Treat the score as a directional indicator, not a measurement.
    Each of the 15 questions has 4 answer options worth between 1 and 10 points based on how secure that behaviour is. Maximum possible total is 150 points, normalised to a 0-100 scale. The 6 categories each contribute roughly equal weight. Grades are assigned by score range — A+ for the strongest results, F for the weakest — with a personalised tips list showing the lowest-scoring categories first.
    The grade reflects your reported behaviour against widely-accepted personal-security best practices. A+ means your habits match what security professionals would recommend across all 6 categories. F means most categories have significant gaps. Mid-range grades (B/C/D) usually mean you are strong in 2-3 categories and weak in others — the personalised tips will show you which categories to focus on first.
    The personalised security tips section is gated behind sharing because shareable security content (scoring + grade) helps the rest of your network become more aware of personal security. It is not gated behind any signup, account creation, email submission, or data collection — sharing is the only requirement and it costs you nothing. After sharing once you see all your personalised tips for every weak category.
    Yes — there is a Retake button on the results screen. Retake quarterly to track whether your habits are improving (or sliding) over time. The score has minimal noise quiz-to-quiz if you answer honestly, so improvements between quarters reflect real habit changes.
    No. The quiz runs entirely in your browser. Your answers are not sent to a server, not logged, not stored. The only data that leaves your browser is the score + grade you choose to share via social buttons (and only if you click them). The shared image card is generated from your score number alone — no personal information is included.
    In personal security, your overall risk is roughly determined by your weakest category, not your average. An attacker only needs one path in. If your password hygiene is excellent but your phishing awareness is poor, the phishing path is what gets you breached — not the password strength. The personalised tips section sorts categories by lowest score first because that is where your remediation effort matters most.
    No. Paid assessments from reputable providers (penetration tests, security audits, security awareness training with simulated phishing) test actual behaviour against active attack scenarios, not stated habits. This quiz is a free self-assessment intended for personal use. Use it as a baseline starting point, then invest in real testing if you handle sensitive data professionally or have specific compliance requirements.
    Because more questions reduce completion rate without proportionally improving accuracy. Personal security comes down to roughly 6 categories of habits and 15 questions cover the most predictive of those habits. A 100-question version would be more thorough but most people would not finish it — and an unfinished assessment is worse than a focused one because the gaps it identifies are systematically missing the categories the user gave up on.
    The personalised tips draw from established personal-security guidance: NIST password recommendations (use passphrases, do not rotate without cause), CISA personal-security advice (MFA, phishing awareness), and broadly-accepted security industry best practices (password managers, software updates, network awareness). Where guidance has evolved or been corrected over the years (NIST password rotation policy, for example), the tips reflect the current correct guidance, not the outdated version.