Length or complexity — which matters more?

Length wins. Adding one character to a 12-character password roughly multiplies crack time by the size of your character set (e.g. 95×). Adding one symbol type only multiplies it once. 'correct horse battery staple' (28 chars) beats 'P@ss1!' (6 chars) by trillions of times.

Why does 'P@ssw0rd!' rate weak even with all character types?

Because attackers use dictionary attacks with common substitutions (a→@, o→0, s→$). 'Password' is in every leaked-password list ever made; adding predictable mutations doesn't help. Real entropy comes from unpredictable choices, not formulaic edits.

Is my password sent to check against breach databases?

No. All scoring runs locally in your browser. We never transmit the password. If you want to check breach exposure, use Have I Been Pwned's k-anonymity API, which only sends the first 5 characters of the password's SHA-1 hash.

What's a 'good enough' score?

Aim for crack time of centuries against an offline attack. That's roughly 70+ bits of entropy. For non-critical sites, 50 bits is acceptable; for banking, email, or your password manager master, target 80+ bits and use a unique password.

Password Strength Checker

Score password entropy and estimated crack time, with practical improvement tips.

Security

Share this tool

f 𝕏 L

All processing happens in your browser.

Password

How to Use

1
Type or paste the password you want to evaluate into the input field.
2
The strength meter updates in real time showing entropy in bits and estimated crack time.
3
Read the feedback to see which patterns are making the password weak.
4
Adjust your password until the crack time reaches at least 'centuries'.

Use Cases

Evaluating Existing Passwords

Quickly audit your current passwords to find which ones need replacing.

Teaching Password Hygiene

Demonstrate to colleagues or students why 'P@ssw0rd' is dangerously weak.

Passphrase Validation

Confirm that a memorable passphrase like 'correct-horse-battery-staple' is genuinely strong.

Security Audits

Run sample passwords through the scorer as part of an internal security review.

Frequently Asked Questions

Score password strength by entropy and estimate how long a modern attacker would need to crack it. Useful for picking memorable yet safe passwords and spotting patterns that look strong but aren't.

Entropy in bits measures unpredictability. Each bit doubles the number of guesses needed: 40 bits = 1 trillion guesses, 60 bits = quadrillion, 80+ bits is what experts recommend for important accounts. We compute it from password length × log2(character set size).

Explore More Tools

#️⃣

Password Strength Checker

How to Use

Use Cases

Evaluating Existing Passwords

Teaching Password Hygiene

Passphrase Validation

Security Audits

Frequently Asked Questions

Explore More Tools

Hash Generator

AES Encrypt / Decrypt

TOTP Authenticator

Hash Compare

PII Masker

Advanced Password Generator

Password Strength Checker

How to Use

Use Cases

Evaluating Existing Passwords

Teaching Password Hygiene

Passphrase Validation

Security Audits

Frequently Asked Questions

Explore More Tools

Hash Generator

AES Encrypt / Decrypt

TOTP Authenticator

Hash Compare

PII Masker

Advanced Password Generator