Knowing how strong a password actually is takes some math. The ChrysoKit Password Strength Checker estimates entropy and crack time live as you type, and flags common weaknesses.
Why use it
The visual feedback turns abstract numbers ("how many bits of entropy") into something you can react to: longer, more varied, fewer obvious patterns. Local-only, so the password itself never leaves the page.
How to use the Password Strength Checker
- Type or paste a password into the input.
- Read the entropy estimate and the time-to-crack guess.
- Read the warnings about common patterns or substitutions.
- Adjust the password until the score is comfortable for the account's risk level.
Features worth knowing
Entropy estimate
A bit count based on character classes and length. Higher is exponentially better.
Pattern detection
Flags common substitutions (0/o, $/s), keyboard walks (qwerty), repeated characters, and short length.
Local only
Nothing is uploaded, logged, or compared against an external breach database. The password is analysed entirely in your browser.
Pro tips
- A 'medium' score means an attacker with a good GPU farm could crack it in days. Push for high.
- Common substitutions (0 for o, $ for s) add almost no real strength. Length is what matters.
- The crack-time estimate assumes an attacker doing 10 billion guesses per second against a fast hash. Real systems using slow hashes (bcrypt, Argon2) buy you orders of magnitude.
- For a fast strength upgrade, use the Passphrase Generator. Six random words beat almost anything you would invent.
Privacy first. The Password Strength Checker runs entirely in your browser. The password is never sent anywhere.
Run candidates through the Strength Checker before adding them to a manager. A few seconds of feedback saves a lot of "should I use this?" hesitation.
Open the tool: Password Strength Checker →