Password Strength Test
Test how strong your password is with real-time analysis. See entropy, estimated crack time, and a detailed breakdown of security criteria. Get actionable suggestions to improve weak passwords.
Test Your Password
All analysis happens locally in your browser. Nothing is transmitted.
Strength
Enter a passwordSecurity Criteria
Length
Enter a password
Lowercase letters
Add lowercase letters (a-z)
Uppercase letters
Add uppercase letters (A-Z)
Numbers
Add numbers (0-9)
Special characters
Add special characters (!@#$...)
No common patterns
Enter a password to check
How to Use This Password Strength Test
Enter Your Password
Type or paste a password into the input field above. Analysis begins instantly as you type -- no button needed. Use the eye icon to toggle visibility.
Review the Analysis
Check the strength meter, entropy bits, and estimated crack time. The criteria checklist shows which security requirements are met and which need improvement.
Follow the Suggestions
Use the improvement suggestions to strengthen your password. Add length, mix character types, and avoid common patterns for the best security.
How Password Entropy Is Calculated
Entropy = Length x log2(CharsetSize)Password entropy measures randomness in bits. The charset size depends on which character types are used:
Lowercase only (a-z): 26 characters+ Uppercase (A-Z): 52 characters+ Numbers (0-9): 62 characters+ Symbols (!@#$...): 94 charactersThe crack time is estimated assuming a modern GPU cluster performing 10 billion guesses per second against unsalted hashes. Real-world security depends heavily on how the service stores your password -- proper salting and algorithms like bcrypt or Argon2 add significant protection.
Recommended entropy targets:
- 28+ bits -- Minimum (very basic protection only)
- 36+ bits -- Weak but better than common passwords
- 60+ bits -- Fair, suitable for most online accounts
- 80+ bits -- Strong, recommended for sensitive accounts
- 100+ bits -- Very strong, suitable for encryption keys
This tool also checks for common patterns (dictionary words, keyboard sequences, repeated characters) which drastically reduce effective entropy even if the raw character count looks good.
Frequently Asked Questions
Is it safe to type my password into this tool?
Yes. This tool runs entirely in your browser using JavaScript. Your password is never sent to any server, stored in any database, or transmitted over the network. You can verify this by disconnecting from the internet after the page loads -- the tool will continue to work.
What is password entropy and why does it matter?
Entropy measures the randomness of a password in bits. Higher entropy means more possible combinations an attacker must try. For example, a 12-character password using uppercase, lowercase, numbers, and symbols has about 79 bits of entropy, meaning there are 2^79 (about 604 sextillion) possible combinations. Aim for at least 60 bits for online accounts and 80+ bits for sensitive systems.
How is the estimated crack time calculated?
The crack time assumes a modern GPU cluster performing 10 billion guesses per second (a realistic rate for offline attacks against unsalted hashes). The calculation is: total combinations (2^entropy) divided by twice the guessing rate (average case). Real-world times vary based on hashing algorithm, salting, and available hardware.
What makes a strong password?
A strong password combines length (12+ characters), character variety (uppercase, lowercase, numbers, and symbols), and randomness (no dictionary words, names, dates, or keyboard patterns). The single most impactful factor is length -- each additional character exponentially increases the number of combinations. Using a password manager to generate and store random passwords is the best approach.
Should I use a passphrase instead of a password?
Passphrases (like "correct horse battery staple") can be excellent passwords because they are long and memorable. A 4-word passphrase from a large dictionary provides about 44-55 bits of entropy, while 5-6 words can reach 70+ bits. For maximum security, combine a passphrase with numbers and symbols, or use a randomly generated password stored in a password manager.
Security Notice
This password strength test runs entirely in your web browser. Your password is never transmitted, logged, or stored on any server. The analysis uses standard JavaScript APIs running locally on your device. For best security practices, use a unique strong password for every account, store passwords in a reputable password manager, and enable two-factor authentication (2FA) wherever available.
Related Tools
More free calculators and tools you might find useful
Color Contrast Checker
Check color contrast ratios for WCAG 2.1 compliance. Enter foreground and background colors to see AA and AAA pass/fail results for normal and large text. Free accessibility tool.
DNS Propagation Checker
Check DNS propagation across global servers instantly. Verify A, AAAA, CNAME, MX, NS, TXT, and SOA records from 7 independent resolvers worldwide. Free, fast, and private -- no data stored.
Find My IP Address
Instantly find your public IP address. See your IPv4 address, timezone, browser details, and copy your IP to clipboard with one click. Free, fast, and private.
Hex Color to Pantone Converter
Convert hex color codes to the closest Pantone color match. Uses Delta-E color distance in CIELAB color space for accurate matching. View RGB, HSL, and CMYK conversions.
JSON Formatter
Format, beautify, and minify JSON data online. Validate JSON syntax with detailed error messages including line and column numbers. Supports 2-space, 4-space, and tab indentation.
JSON Schema Validator Online
Validate JSON data against a JSON Schema online. Paste your schema and data, get instant validation results with detailed error messages. Free browser-based tool -- no data sent to servers.