Password Strength Tester
See how strong a password is — analysed entirely in your browser, never sent anywhere.
Frequently Asked Questions
What can I use the Password Strength Tester for?
Checking whether a password is good enough before you rely on it: sanity-check a password for an important account, compare a few candidates to see which is strongest, or learn what makes a password weak so you can improve it.
Is my password sent anywhere when I test it?
No. The analysis runs entirely in your browser. What you type is never uploaded, logged, stored, or transmitted — you can test even while offline.
How is the strength calculated?
It estimates entropy in bits from the length and the size of the character set used (lowercase, uppercase, digits, symbols), then converts that into an approximate time to crack. It also flags common weaknesses such as short length, a single character type, repeated characters and well-known passwords.
What is a good entropy target?
As a rule of thumb: under 40 bits is weak, 40–60 is fair, 60–80 is strong, and 80+ is very strong. For important accounts aim for 60 bits or more — roughly a 12+ character password that mixes character types.
How accurate is the crack-time estimate?
It is a guide, not a guarantee. It assumes fast offline guessing (billions of attempts per second) against a password chosen randomly from its character set. A predictable password (a dictionary word, a name, a date) can be cracked far faster than its raw entropy suggests, which is why the warnings matter.
Why is my long password still flagged?
Length helps only when combined with unpredictability. A long password made of a single character type, repeated characters, or a common phrase has less real-world strength than its length implies.
What should I do with a weak result?
Make it longer, mix in uppercase, numbers and symbols, and avoid dictionary words or personal information. The companion Password Generator can create a strong random password for you.