Password Strength Checker
See how strong your password is as you type. The password is analyzed locally and never leaves your browser.
Your password never leaves this browser tab.
- At least 8 characters
- At least 12 characters
- Contains uppercase letter
- Contains lowercase letter
- Contains number
- Contains special character (!@#$%^&*)
- Not a common password
What makes a password strong?
Strong passwords are long, unpredictable, and uniqueto each site. Length is the single biggest factor — adding one random character roughly multiplies the search space by the size of the alphabet you're drawing from. Mixing uppercase, lowercase, digits, and symbols adds entropy, but a short complex password is still weaker than a long passphrase.
Entropy and crack time
Entropy (measured in bits) is a rough estimate of how many guesses an attacker would need. 60 bits is a reasonable floor for general use; 80+ bits is good for high-value accounts. Crack-time estimates assume offline attacks against fast hashes at around 1010 guesses per second — slower hashes like bcrypt or Argon2 make even modest passwords much harder to crack.
Use a password manager
The best defense is to never reuse a password and to let a password manager (1Password, Bitwarden, KeePass, the one built into your browser) generate 16-character random strings for every site. You only need to remember one strong master password — and the manager handles the rest.