🛡️

Password Strength Checker

Check how strong your password is

Password
🔒 100% client-side — your password is never sent anywhere

About Password Strength Checker

A visual strength bar is not enough. This shows you the actual entropy (in bits), an estimated crack time for an offline attack, which character types you are missing, and specific reasons why a password scores poorly. Checks for common patterns (keyboard walks, sequential numbers, dictionary words) that reduce effective entropy even in long passwords. "Password123!" looks complex but scores poorly because it follows a completely predictable pattern. Runs entirely in the browser. Your password is not transmitted anywhere — you can disconnect from the internet and it still works.

Common Use Cases

  • Understanding why a password that looks strong actually is not
  • Checking a password against entropy requirements before using it
  • Learning what patterns make passwords guessable
  • Verifying that a generated password meets your security requirements

Frequently Asked Questions

What actually makes a password strong?+
Length is the biggest factor — each character multiplies the search space. Character variety (adding symbols or uppercase) helps less than adding more characters. Avoid any recognisable patterns: words, names, dates, keyboard sequences.
What is entropy in this context?+
Entropy (measured in bits) represents how unpredictable the password is. A password with 60 bits of entropy means there are 2⁶⁰ possible values in the search space. Each additional bit doubles the difficulty.
Is it safe to type my password here?+
Yes — everything runs in the browser, nothing is transmitted. You can verify this by opening network devtools while typing.
How are crack times calculated?+
Based on entropy and an assumed offline attack rate of ~10 billion guesses per second (realistic for a dedicated GPU). Online attacks (rate-limited by the server) are orders of magnitude slower.