Password Strength Checker
Check how strong a password is — entropy, estimated crack time, and weaknesses. Runs entirely in your browser; nothing is sent or stored.
Runs in your browser — nothing uploaded
The password is analysed entirely in your browser — it is never sent anywhere, logged, or stored, and it disappears when you close the tab. Crack-time is a rough estimate assuming a fast offline attack; real-world strength also depends on whether the password appears in breach lists.
See how strong a password really is. This checker estimates its entropy and how long it would take to crack, and points out weaknesses like common patterns — all in your browser, so the password is never sent or stored.
Private by design — your data never leaves your device
How to use it
No account, no upload — it all happens on your device.
1
Type or paste a password into the box.
2
Watch the strength rating, entropy, and estimated crack time update live.
3
Use the checklist to see what would make it stronger.
4
Nothing is sent anywhere — the check happens in your browser.
What the rating means
Strength is measured in bits of entropy.
- Entropy is the number of guesses, expressed as a power of two, needed to be sure of finding the password. Each extra bit doubles the work for an attacker.
- Very weak / weak passwords fall in minutes or less to an automated attack. Fair buys some time; strong and very strong are impractical to brute-force.
- Crack time is an estimate for a fast offline attack. Online attacks are far slower, but you should assume the worst case.
Building a better password
- Go long. Aim for 12+ characters; a passphrase of four or more random words is excellent.
- Make it unique. Never reuse a password across sites. A password manager makes this painless.
- Avoid the obvious. Names, dates, keyboard runs (qwerty), and single dictionary words are the first things attackers try. Generate one with the Password Generator.
Frequently asked
Is it safe to type my real password here?
Yes. The password is analysed entirely in your browser with JavaScript — it is never sent over the network, logged, or stored, and it is gone when you close the tab. That said, the safest habit is to test the pattern of a password (length and character mix) rather than one already in use.
How is the strength calculated?
It estimates entropy (in bits) from the length and the variety of character types, then subtracts for weaknesses like repeats, sequences, and known common passwords. Estimated crack time assumes a fast offline attack of about 10 billion guesses per second.
What actually makes a password strong?
Length beats complexity. A long passphrase of a few random words is stronger and easier to remember than a short string of symbols. Above all, make every password unique — reuse is the biggest real-world risk, since one breach then unlocks many accounts.