Language
English English Vietnamese (Tiếng Việt) Vietnamese (Tiếng Việt) Chinese (简体中文) Chinese (简体中文) Portuguese (Brazil) (Português do Brasil) Portuguese (Brazil) (Português do Brasil) Spanish (Español) Spanish (Español) Indonesian (Bahasa Indonesia) Indonesian (Bahasa Indonesia)
Password Strength Checker

Password Strength Checker

Check how strong your password is with a real-time score, entropy in bits, crack-time estimates, and actionable tips to improve it.

What Is a Password Strength Checker?

This password strength checker analyzes any password you type and tells you how resistant it really is to cracking. Instead of just counting character types, it uses the zxcvbn estimator built by Dropbox, which judges passwords the way real attackers do — spotting common words, keyboard patterns, repeats, and predictable substitutions.

It is for anyone tightening up account security: pick a stronger password for email, banking, or a password manager, sanity-check a password before you save it, or show a friend why "Password123" is weaker than it looks. You get a strength score, entropy in bits, realistic crack-time estimates, and specific tips to fix the weak spots.

Private by design: every check runs in your browser. The zxcvbn library loads once and then analyzes locally — your password is never uploaded, stored, or sent to a server.

How to Use the Password Strength Checker

1

Type your password

Enter or paste a password in the input field. Analysis starts immediately and updates with every keystroke — there is no button to press. Use the eye icon to show or hide what you typed.

2

Read the strength meter

The colored bar rates your password from Very Weak (red) to Very Strong (green) across five levels, giving you an at-a-glance verdict.

3

Check the numbers

Review the score percentage, entropy in bits, and the estimated number of guesses needed. Then compare crack times across Online Attack, Offline Attack, and GPU Cluster scenarios.

4

Act on the feedback

Read the warnings and suggestions, look at the character composition bars, and adjust your password until the score and crack time reach a level you are comfortable with.

Crack-time scenarios: Online Attack assumes a rate-limited login (100 guesses per hour). Offline Attack assumes fast hash cracking from a leaked database (10 billion per second). GPU Cluster assumes a well-funded attacker with dedicated hardware (100 billion per second).

Features

Real-Time Analysis

Results update with every keystroke as you type — no button to click, so you can iterate and improve instantly.

zxcvbn-Powered Scoring

Goes beyond character rules to detect common passwords, dictionary words, keyboard patterns, repeats, and dates the way attackers do.

Five-Level Strength Meter

A colored bar rates your password from Very Weak to Very Strong, with a score percentage from 0% to 100%.

Entropy in Bits

See how much randomness your password carries in bits — higher entropy means more unpredictable and harder to guess.

Crack-Time Estimates

Compare how long your password would survive across three attack scenarios: online, offline, and a massive GPU cluster.

Guesses Estimate

View the estimated number of guesses an attacker would need, formatted clearly from thousands to trillions and beyond.

Character Composition

Visual bars break down uppercase, lowercase, numbers, and symbols so you can spot which character types are missing.

Warnings & Suggestions

When weaknesses are found, you get specific warnings about what is vulnerable plus concrete tips to fix it.

Show / Hide & Length

Toggle password visibility with the eye icon and watch a live character counter as you type.

Local & Private

All analysis runs in your browser. Your password never leaves the device — no uploads, tracking, or network requests.

Frequently Asked Questions

Is it safe to type my real password here?

Yes. All analysis runs entirely in your browser with JavaScript. Your password is never sent to a server or stored anywhere. You can confirm this by opening your browser's network tab — no requests are made while you type, only the one-time load of the analysis library.

Do you store or send my password?

No. There is no logging, tracking, or upload of any kind. The password lives only in the input field in your browser and is gone the moment you close or refresh the page.

How does the password strength checker work?

It runs your password through the zxcvbn algorithm, which pattern-matches against common passwords, dictionary words, spatial keyboard patterns, repeats, and date sequences. From that it derives a strength score, an estimate of how many guesses it would take, and crack-time figures for several attack scenarios.

What is entropy and why does it matter?

Entropy measures the randomness of your password in bits. A password with 40 bits of entropy has about 2^40 (roughly one trillion) possible combinations. Higher entropy means more combinations an attacker must try, which makes the password harder to crack.

Why does my password score low even with special characters?

zxcvbn looks past simple character requirements. Common substitutions (like @ for a, or 0 for o), dictionary words, keyboard patterns, and sequences are all penalized because attackers check those first. Real strength comes from genuine randomness and length, not predictable complexity.

What makes a password strong, and what score should I aim for?

Length matters most — aim for 14 or more characters, mix all four character types, and avoid words, sequences, and personal info. A passphrase of several random words works well. Target at least 75% (Strong); for email, banking, or password managers aim for 100% (Very Strong) with an offline crack time measured in years.

How accurate are the crack-time estimates?

They are based on current computing power and assume brute-force or smart dictionary attacks. Actual times vary with the hashing algorithm a service uses, the attacker's hardware, and their methods. Treat the estimates as a useful relative comparison between passwords rather than an exact guarantee.

Processed locally — your password never leaves this device
0 characters
Score
Entropy
Guesses
Estimated Crack Time
Online Attack
Rate-limited (100/hour)
Offline Attack
Fast hash (10B/sec)
GPU Cluster
Massive GPU (100B/sec)
Character Composition
Type or paste a password to instantly see its strength analysis
Click the eye icon to show or hide your password
Aim for a score of 75%+ and an offline crack time of years or more
Mix uppercase, lowercase, numbers, and symbols for stronger passwords
Longer passwords are exponentially harder to crack — aim for 14+ characters
A passphrase of several random words is both strong and easy to remember
Your password never leaves this device — all analysis is done locally
Want to learn more? Read documentation →
1/8
Start typing to search...
Searching...
No results found
Try searching with different keywords