Password Strength Checker

How to use

1. 1Type or paste a password into the input field. Click Show to reveal it, or leave it masked.
2. 2Read the strength meter, the bits of entropy, the detected character classes, and the length and unique-character counts.
3. 3Check the four estimated crack-time scenarios to see how long the password resists each kind of attack.
4. 4Read the warnings and suggestions, then click Copy summary for a paste-ready one-line summary or Clear to start over.

About this tool

Password Strength Checker scores any password in your browser using length, character classes, effective alphabet size, common-password lookup, and pattern detection. The strength meter classifies the password into one of five buckets (very weak, weak, fair, strong, very strong) using its effective entropy in bits, where entropy is the standard log2(alphabet size) times length, then penalized for repeats, low unique-character ratio, keyboard sequences (like qwerty or 1234), alphabetic runs (like abcd), date and year fragments, and matches against a curated list of well-known leaked passwords (with a leet-speak normalization step so p@ssw0rd1 is caught the same way as password). The result panel shows the effective entropy in bits, the raw entropy from the alphabet, the detected character classes, length, and unique-character count, plus four estimated crack-time scenarios that cover the realistic threat models: an online attack with rate limiting (about 100 guesses per hour), an unthrottled API attack (about 10 guesses per second), a stolen fast-hash database cracked on a single GPU (about 10 billion guesses per second for raw SHA-256 or MD5), and a stolen slow-hash database (about 10 thousand guesses per second for bcrypt at cost 10). Specific weakness warnings explain what makes the password guessable, and concrete suggestions tell you what to fix. The tool runs entirely in your browser: the password is never uploaded, never logged, and never sent to a server, which is exactly what a strength checker has to promise. This is a strength estimator, not a guarantee. A high score means the password resists common attack patterns; it does not prove the password has not already been leaked, so always pair a strong score with a unique password per account, two-factor authentication, and a password manager. Useful for teaching colleagues and family members what a strong password looks like, validating passwords before pasting them into a manager, sanity-checking a generated value, comparing two candidates side by side, or simply answering the question how strong is my password without sending it to a third-party server.

Free to use. Works in your browser. No signup, no login.