How Password Strength Is Measured
Password strength depends on two key factors: length and complexity. Length is the most important factor: each additional character multiplies the number of possible combinations an attacker must try by the size of the character pool, so the search space grows exponentially with length. Complexity (using different character types) increases the size of that pool.
This tool calculates a strength score from 0 to 100 based on length, character diversity, bonus points for exceeding recommended lengths, and penalties for common patterns or dictionary words. It also checks against a list of commonly breached passwords.
Understanding Crack Time Estimates
The estimated crack time assumes an offline brute-force attack at 1 trillion guesses per second, representing a powerful GPU cluster. Online attacks (like trying to log into a website) are much slower due to rate limiting and account lockouts. However, if a database of hashed passwords is stolen, offline attacks become the real threat.
For the best security, aim for a score of 80+ and an entropy above 80 bits. Use a unique password for every account and store them in a reputable password manager rather than trying to memorize them all.
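The entropy and crack-time figures described above can be reproduced with a short calculation. The following is an added example, not this tool's own code: the per-class pool sizes, the full-keyspace search, and the tiny constructed `COMMON` list are assumptions, and the tool's 0 to 100 score is not modeled because its formula is not given here.

```javascript
// Added example: brute-force entropy and crack-time estimate.
// Assumed (not from the tool): pool sizes per character class, a
// full-keyspace search, and the small constructed COMMON list.
const GUESSES_PER_SECOND = 1e12; // offline rate stated on this page

const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // printable ASCII symbols incl. space
];

// Constructed sample; a real check would use a large breach corpus.
const COMMON = new Set(["password", "123456", "qwerty", "letmein"]);

function poolSize(pw) {
  return CLASSES.reduce((n, c) => n + (c.re.test(pw) ? c.size : 0), 0);
}

function entropyBits(pw) {
  const pool = poolSize(pw);
  return pool === 0 ? 0 : pw.length * Math.log2(pool);
}

function crackSeconds(pw) {
  // A listed password falls to a dictionary attack first, so the
  // brute-force figure does not apply to it.
  if (COMMON.has(pw.toLowerCase())) return 0;
  return Math.pow(2, entropyBits(pw)) / GUESSES_PER_SECOND;
}

function humanize(seconds) {
  if (seconds < 1) return "instantly";
  const units = [["year", 31557600], ["day", 86400], ["hour", 3600],
                 ["minute", 60], ["second", 1]];
  for (const [name, size] of units) {
    if (seconds < size) continue;
    const n = seconds / size;
    const shown = n >= 1e6 ? n.toExponential(1) : String(Math.floor(n));
    return shown + " " + name + (Math.floor(n) === 1 ? "" : "s");
  }
}

for (const pw of ["password", "correcthorse", "Tr0ub4dor&3", "k7#Qm2!vXp9$Lw4z"]) {
  console.log(pw, entropyBits(pw).toFixed(1) + " bits", humanize(crackSeconds(pw)));
}
```

A 12-character all-lowercase password lasts about a day at this rate, while the 16-character mixed password exceeds 100 bits, which illustrates why length combined with a larger pool dominates the estimate.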
Frequently Asked Questions
Does this tool send my password anywhere?
No. The analysis runs entirely in your browser using JavaScript. No data is transmitted to any server. You can disconnect from the internet and the tool will still work. Check your browser's network tab to verify.
What makes a password 'strong'?
A strong password is long (16+ characters), uses all four character types (uppercase, lowercase, numbers, symbols), avoids dictionary words or common patterns, and is unique to each account. The most important single factor is length.
How accurate is the crack time estimate?
The estimate assumes 1 trillion guesses per second, which represents a high-end attacker. Real-world crack times vary significantly. Online attacks are much slower due to rate limiting. However, leaked password databases can be attacked offline at high speed, making the estimate relevant for breach scenarios.
Why is my long password scoring low?
A long password can still score poorly if it uses only one character type (like all lowercase), contains common dictionary words, or matches known breached passwords. The scoring algorithm considers both length and the quality of character diversity.
Should I use a password manager?
Yes. Password managers generate and store unique, strong passwords for every account. You only need to remember one strong master password. Leading options include Bitwarden (free, open-source), 1Password, and KeePassXC (offline). This eliminates the temptation to reuse passwords across sites.