Password Strength Checker

See how strong your password really is — with estimated crack time and a criteria checklist.

🔒 Your password never leaves your browser.

How the Password Strength Checker Works

Type a password to get an instant strength score from 0 (Very Weak) to 4 (Very Strong). The score is based on length, character diversity (uppercase, lowercase, digits, symbols), and detection of common patterns or sequential characters. Short passwords with no variety almost always score 0 or 1.

The estimated crack time is calculated from the password's entropy (information content) assuming an attacker using a modern GPU at 10 billion guesses per second. All analysis happens locally in your browser — your password isn't transmitted anywhere.

Eight pattern detectors and three crack-time scenarios

The analysis now runs eight specific pattern checks: common passwords from a 250-entry list with l33t-speak deleetification (so p@ssw0rd doesn't slip through), keyboard walks like qwerty and asdf, ascending and descending sequences of letters or digits, repeated characters, and dates in common formats. You see which patterns were detected, not just a score. Entropy is shown in bits alongside the score — so you know whether a four-word passphrase at 52 bits is actually better than your 14-character mix at 48 bits (it is).

The crack-time table shows three scenarios side by side: online throttled (100 guesses per second, the rate a login form limits you to), offline GPU (10 billion per second, a mid-range dedicated cracking rig), and a distributed cluster (100 billion per second). The difference between these scenarios is what separates 'fine for a forum account' from 'acceptable for a work login' from 'suitable for encrypting a backup'. When your score is low, the tool suggests a passphrase alternative — not a generic tip, an actual example of what a stronger structure looks like.

Frequently Asked Questions

What actually makes a password strong?
Three things: length (16+ characters), variety (uppercase, lowercase, digits, and symbols), and unpredictability (no dictionary words, sequential patterns, or common substitutions like 3 for e). Length matters most — a long random passphrase beats a short complex one.
What is entropy and why does it matter?
Entropy measures the unpredictability of a password in bits. Higher entropy means more possible combinations an attacker must try before guessing right. Each additional character roughly multiplies the number of possibilities by the charset size — which is why length helps so much.
Is it safe to type my real password here?
Yes. This tool runs entirely in your browser — no network requests are made and your password isn't sent anywhere. You can verify this by disconnecting from the internet and testing. It still works offline.
What score should I aim for?
Aim for a score of 3 (Strong) or 4 (Very Strong) for accounts that matter. For critical accounts (email, banking, work), also consider using a password manager to generate and store truly random passwords.

You might also need

See all tools →

Complementary tools based on what you're doing