Password Strength Checker

Test how strong a password is.

100% private — your password is analysed entirely in your browser and is never sent, stored, or logged.

Enter a password
Entropy
Estimated time to crack
  • At least 12 characters
  • Contains a lowercase letter
  • Contains an uppercase letter
  • Contains a number
  • Contains a symbol
  • Not a common password

Free online password strength checker

This password strength checker tells you how tough a password is to guess and roughly how long it would take to crack. As you type, it measures the password's entropy — the number of bits of unpredictability based on its length and the mix of lowercase, uppercase, numbers, and symbols — then rates it from very weak to very strong on a colour-coded meter. It also flags obvious weaknesses like repeated characters, keyboard sequences, and common passwords so a long-but-predictable password can't fool you.

How to check your password strength

  1. Type or paste a password into the box — use the Show button if you want to see what you're entering.
  2. Watch the strength meter and rating update live with every keystroke.
  3. Read the entropy in bits and the estimated time to crack it at 10 billion guesses per second.
  4. Use the checklist to see which criteria — length, character variety, and not being a common password — your password meets.

What the results mean

Entropy captures both length and variety: each extra character and each extra character type multiplies the number of possibilities an attacker must try. Passwords under about 40 bits fall quickly, while 80 bits or more pushes cracking time into centuries at today's speeds. The crack-time figure assumes fast offline guessing and average luck, so treat it as a guide rather than a promise. If a result disappoints you, don't tweak the same password — generate a brand-new one with the password generator.

Private and safe to use

Your password never leaves your device. All analysis happens in your browser with JavaScript — nothing is uploaded, stored, or logged — which makes it safe to test passwords you actually rely on. For extra peace of mind, pair a strong password with hashed storage; you can experiment with checksums using the hash generator. And always use a unique password for every account, kept in a trusted password manager.

Frequently asked questions

How is password strength measured?

The checker estimates entropy — a measure of unpredictability in bits. It works out how large the pool of possible characters is (26 for lowercase, 26 for uppercase, 10 for digits, and about 33 for symbols) and multiplies the base-2 logarithm of that pool by the password length. More length and more character variety mean higher entropy and a stronger password.

Is my password sent to a server or stored anywhere?

No. Every calculation runs entirely in your browser with JavaScript. Your password is never uploaded, saved, logged, or shared, so it is safe to test even passwords you actually use. Once you close or refresh the page, nothing is kept.

How is the estimated crack time calculated?

It assumes an attacker guessing at 10 billion (10,000,000,000) attempts per second — a rough figure for fast offline cracking of a weak hash. On average an attacker finds a password after trying half of all possibilities, so the estimate is 2^(entropy − 1) divided by that rate. It is a guide, not a guarantee: real-world speeds vary enormously with the hashing algorithm and hardware.

Why is my long password still rated weak?

Length alone is not enough. Common passwords, a single repeated character, and simple sequences like "abcd", "1234", or "qwerty" are the first things attackers try, so the checker applies penalties for them. A password on the built-in common-password list is treated as very weak no matter how long it is.

What makes a genuinely strong password?

Aim for at least 12–16 characters mixing uppercase, lowercase, numbers, and symbols, with no dictionary words, names, dates, or keyboard patterns. The easiest way to get one is to let a tool build it for you — try the password generator — and store it in a password manager rather than memorising it.