ShowMeYourPassy automatically unmasks password fields so you can see exactly what you're typing. Plus real-time strength analysis and breach detection, all running locally on your machine.
Password fields are automatically converted to visible text. No more clicking tiny eye icons or typing blind.
Catches dynamically loaded forms, modals, SPAs, and even fields inside iframes. Handles React, Angular, and Vue re-renders.
Real-time inline strength bar with specific feedback. Detects common passwords, keyboard sequences, and repeated patterns.
Checks your password against 700M+ breached passwords using Have I Been Pwned. Only a partial hash is sent, never the full password.
Set rules per domain: always unmask, never unmask, or peek-only. Your banking site stays untouched. Everything else is visible.
Hold Alt to temporarily reveal password fields, release to re-mask. Perfect for shared screens and over-the-shoulder situations.
One-click copy with automatic clipboard clearing after 30 seconds. No password left hanging in your clipboard.
Catches sneaky sites that use CSS (-webkit-text-security) to mask text inputs instead of proper password fields.
Add ShowMeYourPassy from the Chrome Web Store. One click.
Every password field on every site is automatically visible. Toggle with Ctrl+Shift+P.
Enter your licence key to unlock strength analysis, breach checks, and per-site rules.
ShowMeYourPassy runs entirely locally. No servers, no analytics, no tracking. The only network request is the HIBP breach check, which uses k-anonymity so your full password is never transmitted.
Yes. ShowMeYourPassy runs entirely in your browser. It never sends, stores, or logs your passwords anywhere. The only network call is the optional HIBP breach check, which uses k-anonymity (only 5 characters of a SHA-1 hash are sent, never the actual password).
In almost all cases, no. Changing the input type from "password" to "text" doesn't affect form submission. The field name and value are preserved. Some rare sites check the input type client-side, but we haven't encountered breakage in real-world testing.
Chrome's password manager may not detect unmasked fields for autosave. If you rely on Chrome's built-in password manager, you can use the per-site rules (Pro) to leave specific sites untouched, or use peek mode instead.
Sites using closed Shadow DOM components or custom non-native input elements (like canvas-based PIN inputs) can't be detected. Some banking sites with strict Content Security Policies may block the extension. Chrome internal pages (chrome://) are also off-limits.
After purchase, you receive a licence key (SMYP-XXXX-XXXX-XXXX-XXXX). Enter it in the extension popup to unlock Pro features. It's validated once and cached locally for 24 hours. Works on up to 3 browsers.
Yes. If Pro doesn't meet your expectations within 14 days, email us for a full refund. No questions asked.