Submit a tool

Password Strength Checker

See how strong your password really is. Type it in for an instant score, an estimated crack time and clear tips to improve it — nothing you type ever leaves your browser.

Entropy (bits)
Time to crack
Length
Character pool

Composition

  • Lowercase letters
  • Uppercase letters
  • Numbers
  • Symbols
  • 12+ characters

Why check your password strength?

Most accounts are compromised not by exotic hacking but by guessable passwords — short ones, reused ones, or words and dates an attacker can try in seconds. This tool gives you an honest, at-a-glance read on how well a password would hold up, and exactly what to change to make it stronger.

How to use it

  1. Type a password. The strength meter, entropy and crack-time estimate update with every keystroke.
  2. Read the composition checklist. Tick off lowercase, uppercase, numbers, symbols and length to widen the character pool.
  3. Fix the warnings. Address any flagged sequences, repeats or common passwords, then aim for “Strong” or “Very strong”.

What the numbers mean

  • Entropy (bits). A measure of unpredictability. Each extra bit doubles the work to crack the password; 70+ bits is strong, 100+ is excellent.
  • Time to crack. A rough estimate against a fast offline attacker making ~10 billion guesses per second.
  • Character pool. How many distinct characters the password draws from — bigger pools mean more combinations per character.

Is this private?

Completely. The checker is implemented in client-side JavaScript and evaluates the password locally. It is never transmitted, saved or shared, so it's safe to test even passwords you actively use.

Frequently asked questions

Is it safe to type my real password here?

Yes. The checker runs entirely in your browser with JavaScript. Nothing you type is sent over the network, logged or stored — close the tab and it's gone.

How is the strength calculated?

We estimate entropy in bits from the password's length and the size of the character pool it uses, then apply penalties for common passwords, repeated characters and predictable sequences. More bits means exponentially harder to crack.

How accurate is the crack-time estimate?

It assumes a well-resourced offline attacker making about 10 billion guesses per second against a fast hash. Real-world times vary hugely with the hashing algorithm and hardware, so treat it as a rough guide, not a guarantee.

What makes a strong password?

Length first: aim for 12–16+ characters. Mix lowercase, uppercase, numbers and symbols, avoid dictionary words and sequences, and never reuse a password across sites.

Should I use a password manager?

Absolutely. A password manager generates and stores a unique, strong password for every account so you only have to remember one master passphrase.