Password Strength Checker

How to use

1. Type or paste a password.
2. Read the strength bar and entropy.
3. Check crack time at each threat level. Anything > 1 year on the 'offline fast' column is solid against most realistic attacks.

Frequently asked questions

Is this safe to use with my real password?

It runs entirely in your browser — no network calls, nothing stored. That said, type into random web tools at your discretion. If you'd rather not, test a similar-shape dummy password (same length, same character classes) instead.

What's entropy?

A measure of how many possible passwords could have produced this one, in bits. 60 bits = 2⁶⁰ ≈ 10¹⁸ guesses needed on average — strong against offline brute force. 30 bits ≈ 10⁹ guesses — cracked in seconds offline.

Why does my password score lower than I expected?

Length matters more than character diversity. 'Tr0ub4dor&3' (XKCD 936) is shorter and looks complex but has ~28 bits. 'correct horse battery staple' is plain words but has ~44 bits because it's longer.

What about zxcvbn?

zxcvbn is more sophisticated — it knows about leetspeak, dates, names, and L33t patterns. This calculator uses a simpler model. For production use cases (a signup form), prefer the actual zxcvbn library.

Related tools