Password Strength Checker
See how strong a password is, with an entropy estimate in bits, an approximate offline crack time, a 5-level meter, and specific tips to make it harder to guess.
Everything runs in your browser. Your password is never uploaded, saved, or logged.
Strength
The report includes the rating and tips only, never the password itself.
How to check password strength online
Type or paste a password
Enter the password you want to test in the field, and use the show button to reveal exactly what you typed.
Read the strength meter
The 5-level meter, the entropy in bits, and the estimated crack time all update the moment you start typing.
Follow the tips
Specific suggestions point out weak spots like short length, dictionary words, keyboard runs, and repeated characters.
Copy the report
Copy a plain-text summary of the rating, entropy, and tips; the password itself is never included in the report.
Why use this tool
Entropy in bits
Strength is scored as estimated bits of entropy from the length and the mix of lowercase, uppercase, numbers, and symbols.
Approximate crack time
See roughly how long a fast offline attack would take to guess the password, from instantly to far longer than the age of the universe.
Pattern detection
The score is lowered when it spots common passwords, dictionary words, keyboard runs, sequences like 123 or abc, and repeated characters.
5-level strength meter
A colored meter rates the password from Very weak to Very strong, so you can watch it improve as you refine it.
Actionable tips
Every result lists concrete ways to make the password stronger, instead of just a pass or fail grade.
Runs entirely in your browser
Your password is checked on your device and is never sent, saved, or logged.
About this tool
This password strength checker estimates how hard a password would be to guess and shows you why, all in your browser. As you type, it works out roughly how many attempts an attacker would need and turns that into a familiar 5-level meter, an entropy figure in bits, and an approximate offline crack time. Nothing you type is sent anywhere, so it is safe to test the passwords you actually use.
Strength comes from more than length. The checker looks at how long the password is and which character types it uses, lowercase, uppercase, numbers, and symbols, then lowers the score when it detects patterns that make guessing easier: common passwords, dictionary words with numbers tacked on the end, keyboard runs, sequences like 123 or abc, and repeated characters. The crack time assumes a fast offline attack guessing billions of candidates a second, which is close to the worst realistic case, so a password rated Strong here has real margin. To create a fresh one from scratch, use the password generator.
Everything runs on your device, which is the only safe way to check a password you rely on; a tool that uploaded it would defeat the point. Use this to sanity-check a new password before you save it, to understand why an old one is weak, or to compare a random string against a memorable passphrase. When you need to fingerprint a file rather than rate a secret, reach for the hash generator.
Frequently asked questions
- How is password strength calculated?
- The tool estimates entropy, measured in bits, from the length and the mix of character types, then reduces that estimate when it finds patterns that make guessing easier, such as common passwords, dictionary words, keyboard runs, sequences, and repeats. The final number drives both the meter and the crack time.
- What does the estimated crack time mean?
- It is roughly how long a fast offline attack would take to guess the password, assuming an attacker who can already test around 10 billion candidates a second against a weak stored hash. That is close to the worst realistic case, so a real attacker is usually slower, not faster.
- Is my password uploaded anywhere?
- No. Everything runs in your browser; nothing is sent to a server. The password stays on your device and is never saved or logged, and the copyable report contains the rating and tips only, never the password itself.
- Does it detect common passwords and patterns?
- Yes. It flags well-known passwords, dictionary words even when numbers or symbols are added on the end, simple letter and number swaps, keyboard runs like qwerty, sequences like 123 or abc, and repeated characters or short repeated blocks, and it lowers the score accordingly.
- What is entropy in bits?
- It is a way to size the number of guesses needed: each extra bit doubles that number. As a rough guide, under 30 bits is very weak, around 60 bits is strong against an offline attack, and 80 or more is very strong. Length is the cheapest way to add bits.
- Are there limits on what I can check?
- You can check any characters, including letters, numbers, symbols, and other Unicode characters, up to a long passphrase length. Because everything runs locally there are no rate limits, and the estimate is intentionally conservative rather than a guarantee about any specific attacker.
Related tools
Password Generator
Create strong random passwords or memorable passphrases, with control over length, characters, word count, and bulk output.
Hash Generator
Hash text or any file to MD5, SHA-1, SHA-256, and SHA-512, and verify a checksum.
UUID Generator
Generate version 4 and version 7 UUIDs in bulk, with case and format options.
API Key Generator
Generate cryptographically random API keys and tokens in hex, base62, or base64url, with control over length, an optional prefix, and bulk output.
ASCII Table Reference
The full ASCII character set with decimal, hex, octal, binary, and HTML codes. Search by code, character, or name.
Atbash Cipher
Mirror the alphabet so A swaps with Z, B with Y, and so on. Atbash is its own inverse, so one field both encodes and decodes as you type.