Password Strength Checker

Entropy, time-to-crack, and concrete fixes. Nothing leaves your browser.

0 chars · no classes Tip: a 4-word passphrase usually beats most 12-char passwords.
Type something... 0 bits

Findings

Suggestions

    How to use

    1. Type or paste a password into the field.
    2. Watch the bar, entropy bits, and crack-time estimates update live.
    3. Read the Findings section to see exactly what is weak (dictionary, sequence, repeat, etc.).
    4. Apply the Suggestions to lift it to "Strong" or better.
    5. Use the Password Generator if you'd rather start from a random password.

    Frequently asked questions

    How is strength measured?

    We use a lightweight zxcvbn-style approach: it tries to crack the password using dictionaries, leet substitutions, common patterns, and sequences, then estimates the work needed.

    Is my password sent anywhere?

    No. The analysis runs entirely in your browser. Nothing is uploaded, logged, or compared against an online breach database.

    What does the time-to-crack mean?

    It is the estimated time for an attacker doing 10 billion guesses per second against a fast hash. Slow hashes like Argon2 or bcrypt would take much longer; weakly hashed leaks are cracked far faster.

    Why is my long word still rated weak?

    One dictionary word is easy to crack. Several unrelated random words, like a passphrase, are very strong because the entropy comes from the combination rather than the choice of words.

    Advertisement