Strength Checker
Entropy & crack-time estimate
- Empty password.
- Include a digit.
- Add a symbol (!@#$%).
What is Strength Checker?
Analyse a password's entropy and estimated brute-force crack time. The report shows entropy in bits, the character-class pool used, and a rough crack-time estimate based on 10^10 guesses per second (a reasonable offline-attack rate against a fast hash like SHA-256). Flags common patterns — single-character repeats, top-password-list matches — and gives concrete improvement suggestions.
How do I use Strength Checker?
- Type or paste the password (use the Reveal toggle if typing).
- Read the strength score, entropy, and crack-time estimate.
- Follow the suggestions to improve weak passwords.
When should I use Strength Checker?
Password Strength is a heuristic. For a production-quality audit, zxcvbn is the gold standard (it's ~800 KB and we chose not to bundle it). To generate a new strong password instead of checking one, use Password Generator.
How is strength calculated?
Using zxcvbn — the same library LinkedIn, Dropbox, and 1Password use. It estimates the number of guesses a realistic attacker would need, factoring in dictionary words, common patterns, repeats, and keyboard sequences.
Is my password sent anywhere?
No. zxcvbn runs entirely in your browser — the password is never transmitted. Typed passwords are not saved in local storage either.
What score should I aim for?
Score 4 (strong) or better for anything protecting financial, health, or sensitive accounts. Score 3 is acceptable for low-stakes logins if paired with a second factor.
Is my file uploaded anywhere?
No. Everything runs in your browser. Your files never leave your device, and there is no server component for this tool.