Password Strength Checker
How strong is your password? Find out instantly — all checks run in your browser.
How Password Strength Checkers Work
Our strength checker evaluates your password using multiple analysis layers:
- Entropy calculation — Measures the theoretical randomness based on character pool size and length. A password whose characters are chosen at random from all 95 printable ASCII characters has ~6.57 bits of entropy per character.
- Pattern detection — Identifies common sequences (123, abc), keyboard walks (qwerty, asdf), and repeated characters that reduce effective entropy.
- Common password matching — Checks against patterns used in the most frequently breached passwords.
- Crack time estimation — Estimates how long the password would resist a brute-force attack at 10 billion guesses per second (modern GPU cluster speed).
Understanding Attack Methods
Dictionary Attacks
Attackers start with dictionaries of common passwords, words, names, and phrases — often millions of entries. Passwords based on real words, even with character substitutions, fall to dictionary attacks within seconds.
Brute Force
When dictionary attacks fail, attackers try every possible combination. The time this takes depends entirely on entropy: each additional bit of entropy doubles the search space. This is why length matters more than complexity.
Credential Stuffing
Attackers take leaked username/password pairs from one breach and try them on other services. This is why password reuse is the #1 security risk — even a strong password is useless if it's been leaked. Check your passwords with our Leak Checker.
What the Scores Mean
| Score | Label | Entropy | Recommendation |
|---|---|---|---|
| 0 | Very Weak | < 28 bits | Change immediately — crackable in seconds |
| 1 | Weak | 28–36 bits | Too weak for any account |
| 2 | Fair | 36–50 bits | Acceptable for low-value accounts only |
| 3 | Strong | 50–65 bits | Good for most accounts |
| 4 | Very Strong | 65+ bits | Excellent — suitable for all accounts |
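
The following JavaScript is an added example, not this site's own code: it computes pool-based entropy, discounts repeats, sequences and keyboard walks, and maps the result to the score table above at the stated 10 billion guesses per second. The one-bit value for a predictable character, the inclusive lower bounds of each band, and the sample passwords are assumptions made for the illustration.

```javascript
// Added illustration, not the checker's own source. Penalty rule is an assumption.
const GUESSES_PER_SECOND = 1e10;          // rate stated on the page
const SCORE_FLOORS = [28, 36, 50, 65];    // lower bounds of scores 1-4 in the table
const LABELS = ["Very Weak", "Weak", "Fair", "Strong", "Very Strong"];
const KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"];

// Pool implied by the character classes present: 26 + 26 + 10 + 33 = 95 printable ASCII.
function poolSize(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  return pool;
}

// Number of characters inside a repeat, ascending sequence or keyboard walk of length >= 3.
function predictableChars(pw) {
  const s = pw.toLowerCase();
  const flagged = new Set();
  for (let i = 0; i + 2 < s.length; i++) {
    const tri = s.slice(i, i + 3);
    const [a, b, c] = [0, 1, 2].map((k) => tri.charCodeAt(k));
    const repeated = a === b && b === c;
    const sequence = /^[a-z0-9]{3}$/.test(tri) && b - a === 1 && c - b === 1;
    const walk = KEYBOARD_ROWS.some((row) => row.includes(tri));
    if (repeated || sequence || walk) [i, i + 1, i + 2].forEach((k) => flagged.add(k));
  }
  return flagged.size;
}

function analyze(pw) {
  const perChar = Math.log2(poolSize(pw) || 1);   // ~6.57 bits when all four classes appear
  const rawBits = perChar * pw.length;
  // Assumption: a character inside a predictable run is worth at most 1 bit.
  const weak = predictableChars(pw);
  const bits = perChar * (pw.length - weak) + Math.min(perChar, 1) * weak;
  const score = SCORE_FLOORS.filter((floor) => bits >= floor).length;
  const seconds = 2 ** bits / GUESSES_PER_SECOND; // time to exhaust the whole search space
  return { rawBits, bits, score, label: LABELS[score], seconds };
}

// Constructed sample inputs.
for (const pw of ["qwerty123", "k7$Wp2!x", "v9#Tq!2mZ@x7"]) {
  const r = analyze(pw);
  console.log(pw, r.rawBits.toFixed(1), "->", r.bits.toFixed(1), "bits,", r.label);
}
```
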
Frequently Asked Questions
Is it safe to type my password into this checker?
Yes. Our strength checker runs 100% in your browser. Your password is never sent to any server — all analysis happens locally using JavaScript. You can verify this by disconnecting from the internet or checking your browser's Network tab.
How does the strength checker work?
We analyze your password across multiple dimensions: length, character variety (uppercase, lowercase, numbers, symbols), entropy calculation (bits of randomness), pattern detection (common sequences, keyboard walks, repeated characters), and comparison against known weak patterns. The result is a composite score from 0 (Very Weak) to 4 (Very Strong).
What is a "good" password strength score?
Aim for a score of 3 (Strong) or 4 (Very Strong). A score of 3 typically means 50+ bits of entropy and a crack time of thousands of years. A score of 4 means 65+ bits — effectively uncrackable by current technology.
Why does my password score low even though it looks complex?
Visual complexity doesn't equal strength. Passwords like P@ssw0rd! use predictable substitutions that cracking tools handle effortlessly. Our checker detects these patterns and penalizes them. True strength comes from length and randomness, not clever substitutions.
What should I do if my password scores below 3?
Use our Password Generator to create a truly random password. If you need something memorable, try our Passphrase Generator for a strong yet easy-to-remember option. Always use a password manager to store your passwords securely.
Does this check if my password has been leaked?
No — this tool only analyzes password strength based on its structure. To check if your password appears in known data breaches, use our Password Leak Checker, which uses the Have I Been Pwned API with k-anonymity (your full password is never sent).