Password Strength Checker

Test the strength of any password in real time. Get an entropy score, estimated crack time, and a detailed checklist of what your password passes or fails — all computed locally in your browser.

🔒 Your password is never sent to our servers. All analysis runs locally in your browser.

      How password strength is measured

      Password strength is primarily measured through entropy — a mathematical measure of unpredictability expressed in bits. Entropy is calculated using the formula: entropy = length × log₂(charset size). The larger the character set and the longer the password, the higher the entropy and the harder it is to crack.

      Our checker also validates eight specific criteria: minimum length (8 and 12 characters), presence of uppercase, lowercase, numbers, and symbols, absence from a list of the 200 most common passwords, and lack of repeated character sequences like "aaa" or "123".

      Understanding crack time estimates

      Crack time estimates assume an offline attack using a modern GPU cluster capable of 100 billion guesses per second — a realistic threat model for compromised password hashes. Online attacks (rate-limited by a server) are far slower, but offline attacks are relevant when a database has been breached.

      Tips for stronger passwords

      The single most effective improvement is increasing length. Going from 8 to 16 characters doubles the exponent — multiplying crack time by millions. After length, add character variety: including symbols expands your pool from 62 to 94 characters, a 51% increase that compounds exponentially over password length.

      Frequently Asked Questions

      Strength is measured by entropy: length × log₂(charset size). We also check against 200 common passwords and detect repeating patterns. A 16-character password using all character types achieves ~105 bits of entropy — very strong.

      Below 28 bits is very weak (instantly crackable). 50–75 bits is fair and adequate for most accounts. 75–100 bits is strong. Above 100 bits is very strong. Aim for 75+ bits for important accounts like email and banking.

      Yes. This tool runs entirely in your browser with no network requests. Your password never leaves your device. You can even disconnect from the internet and the tool will still work.

      Each character you add multiplies the search space by the charset size — typically 62–94. Going from 8 to 12 characters can jump crack time from hours to decades. Adding symbol characters or length is far more impactful than substituting a letter for a number (e.g., "a" → "@").

      Need a stronger password?

      Generate a cryptographically secure password in seconds.

      Go to Password Generator →