Password Strength Checker

By Dr Alex J Martin-Smith

All checks run in your browser. We do not upload or store your password.

Caution: Do not paste real banking credentials on untrusted devices.

-
Length 0
Entropy 0 bits
Estimate model -
Estimated crack time -
Lowercase: 0 Uppercase: 0 Numbers: 0 Symbols: 0

Crack time estimates are approximate ranges at 10 billion guesses per second. Actual times vary with hardware and hashing.

Breach check (optional)

This uses the Pwned Passwords range method. Only the first 5 characters of a SHA-1 hash are sent, not the password itself. This is still an external request, so it is off by default.

Generate a new password

How it works

  • Your password is checked locally in your browser. Nothing is transmitted.
  • Entropy is calculated from the character pool and password length.
  • Common patterns like keyboard runs and repeated characters are detected.
  • The password is compared against a built-in list of frequently used passwords.
  • Crack time assumes 10 billion guesses per second from a modern GPU cluster.

Is it safe to use password checkers?

Be cautious about where you type your real credentials. This tool keeps everything in your browser.

Why is this password strength checker safe?

  • Local processing: The password you type stays in your browser. It is never sent to any server or stored anywhere. You could disconnect from the internet and try it yourself.
  • No data collection: We do not collect, log, or transmit any information you enter.
  • Open approach: The source code runs client-side and can be inspected in your browser.

How does the password strength checker work?

  • Entropy estimation: We calculate the theoretical entropy in bits based on the character pool your password uses and its length.
  • Pattern detection: We check for repeated characters, sequential patterns (e.g. 1234, abcd), keyboard runs (e.g. qwerty, asdf), and common character substitutions (e.g. @ for a, 3 for e).
  • Common password check: We compare your password against a curated list of frequently used passwords.
  • Clear feedback: The tool gives you an honest assessment of your password's strength along with practical guidance.

Disclaimer: Estimates assume a brute-force attack at 10 billion guesses per second. In practice, common or predictable passwords can be cracked much more quickly using dictionary attacks.

If you suspect your email or password has been compromised in a data breach, check at haveibeenpwned.com.