Password Strength Checker
Score a password and get specific ways to strengthen it.
Checked entirely in your browser — nothing is sent anywhere.
How to use
- 1 Type or paste the password you want to test.
- 2 Read the strength score, entropy and estimated crack time.
- 3 Review which composition checks pass or fail.
- 4 Apply the suggestions until the score is strong.
About Password Strength Checker
The Password Strength Checker rates a password and tells you exactly why it earned that rating.
It combines an entropy estimate with explicit composition checks — length, lowercase, uppercase, digits and symbols — and a small blocklist of the most-leaked passwords, then returns a score from 0 (very weak) to 4 (very strong).
Alongside the score you get the estimated entropy in bits and a rough offline crack-time figure, so an abstract “strong” becomes something concrete you can reason about.
Each failing check is turned into an actionable suggestion: add length, add a missing character class, or choose something that is not a common password.
Crucially, this runs entirely in your browser.
The password you type is never sent over the network, logged, or stored — it lives only in the page until you close it.
That makes it safe to test a real candidate password before you commit to it, without trusting a remote server.
Use it to sanity-check a passphrase you have invented, to understand why a site rejected your choice, or to teach the difference between a memorable-but-weak word and a genuinely resilient secret.
FAQ
Is my password sent anywhere?
No. The analysis runs entirely in your browser using client-side JavaScript. Nothing is uploaded, logged or stored.
How is the crack time estimated?
It assumes a fast offline attack of around ten billion guesses per second against the password’s entropy. It is a rough guide, not a guarantee.
Why is my long password still marked weak?
Common or leaked passwords are capped to the lowest score regardless of length, because attackers try those first.