Loading Password Strength Tool...
Estimate a password's entropy and rough crack time from its character pool and length. Runs entirely in your browser - nothing is sent or stored.
Password strength is about how many guesses an attacker would need. Entropy, measured in bits, captures that: each extra bit doubles the work. A short password from a small character set has low entropy and falls quickly, while a long, varied one resists even huge guessing campaigns. This tool estimates the entropy and a rough offline crack time for a password so you can judge it before relying on it.
Input:
Tr0ub4dour&3xtra-L0ng-Passphrase!
Output:
~90+ bits, rating very strong, crack time effectively forever
Is this as accurate as zxcvbn?
No. It is a character-pool entropy estimate with light pattern penalties, not a full dictionary analyzer. A real word in a large pool can still be weak, so treat the result as a guide.
What crack speed is assumed?
Ten billion guesses per second, a reasonable figure for an offline attack on a fast hash. Slow, salted hashes like bcrypt or Argon2 would take far longer.
How do I get a strong password?
Length helps most. A long passphrase of several random words, or 16-plus mixed characters, reaches high entropy and is easier to remember than short complex strings.
Is my password sent anywhere?
No. Analysis happens entirely in your browser and nothing is stored or transmitted.
Estimate a password's entropy and rough crack time from its character pool and length. Everything runs in your browser - nothing is sent or stored.
Entropy is estimated as length times log2 of the character pool size, with small penalties for repeats and common patterns. Crack time assumes a fast offline attacker at 10 billion guesses per second. This is a guide, not a guarantee - a dictionary word in a large pool can still be weak.