Password Strength Checker
Check password strength instantly: entropy analysis, crack time estimate, pattern detection, and composition breakdown. Free, 100% in your browser — your password never leaves your device.
Reference
How is password strength measured?
Password strength is measured by entropy — the number of bits of randomness in the password. Higher entropy means more possible combinations an attacker must try. This tool calculates entropy based on the character pool size (lowercase, uppercase, digits, symbols) and password length: Entropy = Length × log₂(Pool Size). The crack time estimate assumes a brute-force attack at 10 billion guesses per second, representative of modern GPU-accelerated cracking.
Understanding entropy levels
Below 28 bits — Very Weak: crackable in seconds. Equivalent to a 4-digit PIN. 28–40 bits — Weak: crackable in minutes to hours. Common for short passwords with limited character types. 40–60 bits — Fair: would take days to years to crack via brute force. Minimum acceptable for most accounts. 60–80 bits — Strong: would take thousands to millions of years. Good for sensitive accounts. 80+ bits — Very Strong: effectively uncrackable by brute force with current technology. Use for encryption keys and critical systems.
Tips for strong passwords
Use length over complexity — a 20-character passphrase like "correct horse battery staple" has more entropy than "P@s5w0rd!". Mix character types — using uppercase, lowercase, digits, and symbols multiplies the search space exponentially. Avoid patterns — sequential characters (abc, 123), keyboard walks (qwerty), and repeated characters (aaa) are checked by attackers first. Never reuse passwords — use a unique password for every account. Use a password manager — let it generate and store random passwords for you.
Privacy
Your password is analyzed entirely in your browser. It is never sent to any server, stored, or logged. Close this page and all data is gone.