Instantly analyse any password. Nothing is sent anywhere — 100% in your browser.
Password strength is measured in bits of entropy — the logarithm (base 2) of the total number of possible passwords given its character set and length. A password using 26 lowercase letters and 10 digits (36 possible characters) with length 12 has log2(36^12) ≈ 62 bits of entropy.
General thresholds: under 28 bits is trivially crackable, 28-35 bits is weak, 36-59 is fair, 60-127 is strong, and 128+ bits is considered beyond brute-force reach with current technology. But entropy alone isn't everything — patterns like dictionary words, keyboard sequences (qwerty), and repeated characters drastically reduce effective strength.
This tool goes beyond simple entropy calculation. It checks for common passwords (the "password123" problem), sequential patterns, character repetition, and character set diversity. The estimated crack time assumes an offline attack at 10 billion guesses per second — representative of a GPU-accelerated hash cracking setup.
This tool in other languages:
Français:
Vérificateur de force de mot de passe
Español:
Verificador de fortaleza de contraseña
Deutsch:
Passwortstärke-Prüfer
Português:
Verificador de força de senha
日本語:
パスワード強度チェッカー
中文:
密码强度检测工具
한국어:
비밀번호 강도 확인기
العربية:
مدقق قوة كلمة المرور
Type or paste a password in the input. The tool analyzes it instantly, showing an entropy estimate, detected patterns (dictionary words, repeated characters, keyboard walks), and an overall strength rating. Nothing is sent anywhere — the analysis runs in your browser.
Entropy measures unpredictability in bits. Each bit doubles the number of guesses needed to crack. A password with 60 bits of entropy requires ~10^18 guesses — infeasible. A password with 30 bits (common for short passwords) can be cracked in minutes. Aim for 60+ bits for important accounts.
With this tool, yes — the analysis is 100% in-browser. Open your browser's network tab: no requests fire when you type. Avoid strength checkers that require an account or send data to a server — a real password you care about should never leave your device.
Length alone isn't enough. Common weaknesses: dictionary words (correct), keyboard walks (qwerty, asdfghjkl), dates (01012024), names, simple substitutions (p@ssw0rd), and repeated characters (aaaaaaaa). Attackers explicitly test for these patterns before trying random guessing.
Yes — the XKCD passphrase style (four random common words) gets ~44-50 bits of entropy, which is strong enough for most uses and much easier to remember than random character strings. Add a 5th word or a number for higher-stakes accounts. The key word is random — don't pick meaningful words.