Search tools

Find a tool by name or what it does.

Password Strength Checker

See how strong a password is, with an entropy estimate in bits, an approximate offline crack time, a 5-level meter, and specific tips to make it harder to guess.

Everything runs in your browser. Your password is never uploaded, saved, or logged.

Strength

Type or paste a password to check its strength.

The report includes the rating and tips only, never the password itself.

How to check password strength online

  1. Type or paste a password

    Enter the password you want to test in the field, and use the show button to reveal exactly what you typed.

  2. Read the strength meter

    The 5-level meter, the entropy in bits, and the estimated crack time all update the moment you start typing.

  3. Follow the tips

    Specific suggestions point out weak spots like short length, dictionary words, keyboard runs, and repeated characters.

  4. Copy the report

    Copy a plain-text summary of the rating, entropy, and tips; the password itself is never included in the report.

Why use this tool

Entropy in bits

Strength is scored as estimated bits of entropy from the length and the mix of lowercase, uppercase, numbers, and symbols.

Approximate crack time

See roughly how long a fast offline attack would take to guess the password, from instantly to far longer than the age of the universe.

Pattern detection

The score is lowered when it spots common passwords, dictionary words, keyboard runs, sequences like 123 or abc, and repeated characters.

5-level strength meter

A colored meter rates the password from Very weak to Very strong, so you can watch it improve as you refine it.

Actionable tips

Every result lists concrete ways to make the password stronger, instead of just a pass or fail grade.

Runs entirely in your browser

Your password is checked on your device and is never sent, saved, or logged.

About this tool

This password strength checker estimates how hard a password would be to guess and shows you why, all in your browser. As you type, it works out roughly how many attempts an attacker would need and turns that into a familiar 5-level meter, an entropy figure in bits, and an approximate offline crack time. Nothing you type is sent anywhere, so it is safe to test the passwords you actually use.

Strength comes from more than length. The checker looks at how long the password is and which character types it uses, lowercase, uppercase, numbers, and symbols, then lowers the score when it detects patterns that make guessing easier: common passwords, dictionary words with numbers tacked on the end, keyboard runs, sequences like 123 or abc, and repeated characters. The crack time assumes a fast offline attack guessing billions of candidates a second, which is close to the worst realistic case, so a password rated Strong here has real margin. To create a fresh one from scratch, use the password generator.

Everything runs on your device, which is the only safe way to check a password you rely on; a tool that uploaded it would defeat the point. Use this to sanity-check a new password before you save it, to understand why an old one is weak, or to compare a random string against a memorable passphrase. When you need to fingerprint a file rather than rate a secret, reach for the hash generator.

Frequently asked questions

How is password strength calculated?
The tool estimates entropy, measured in bits, from the length and the mix of character types, then reduces that estimate when it finds patterns that make guessing easier, such as common passwords, dictionary words, keyboard runs, sequences, and repeats. The final number drives both the meter and the crack time.
What does the estimated crack time mean?
It is roughly how long a fast offline attack would take to guess the password, assuming an attacker who can already test around 10 billion candidates a second against a weak stored hash. That is close to the worst realistic case, so a real attacker is usually slower, not faster.
Is my password uploaded anywhere?
No. Everything runs in your browser; nothing is sent to a server. The password stays on your device and is never saved or logged, and the copyable report contains the rating and tips only, never the password itself.
Does it detect common passwords and patterns?
Yes. It flags well-known passwords, dictionary words even when numbers or symbols are added on the end, simple letter and number swaps, keyboard runs like qwerty, sequences like 123 or abc, and repeated characters or short repeated blocks, and it lowers the score accordingly.
What is entropy in bits?
It is a way to size the number of guesses needed: each extra bit doubles that number. As a rough guide, under 30 bits is very weak, around 60 bits is strong against an offline attack, and 80 or more is very strong. Length is the cheapest way to add bits.
Are there limits on what I can check?
You can check any characters, including letters, numbers, symbols, and other Unicode characters, up to a long passphrase length. Because everything runs locally there are no rate limits, and the estimate is intentionally conservative rather than a guarantee about any specific attacker.

Related tools