How Strong Is My Password?
Check your password strength with crack time estimates
Your password never leaves your browser
All analysis is performed locally using JavaScript. Nothing is sent to any server.
Password Strength
--
Score: - / 4
Estimated Crack Time
--
Password Length
--
Character Types
--
Score
--
How it works
This tool estimates password strength by analyzing character diversity (uppercase, lowercase, digits, symbols), length, common patterns (sequential characters, repeated characters), and checks against a list of commonly used passwords. The entropy-based score maps to a 0-4 scale similar to the zxcvbn algorithm. The crack time estimate assumes an attacker performing 10 billion guesses per second. Everything runs entirely in your browser.
Frequently Asked Questions
Is my password sent to any server?
No. This tool analyzes your password entirely in your browser using JavaScript. Your password never leaves your device — no network requests are made. You can verify this by disconnecting from the internet and using the tool offline.
How is password strength calculated?
Password strength is estimated by analyzing character diversity (lowercase, uppercase, numbers, symbols), length, common patterns, dictionary words, and keyboard sequences. The crack time estimate assumes various attack scenarios from online throttled attacks to offline brute force.
What makes a strong password?
A strong password is long (12+ characters), uses a mix of character types, and avoids common words, names, or patterns. Passphrases — random words strung together like 'correct horse battery staple' — are both strong and memorable.
What is a brute force attack?
A brute force attack tries every possible combination until finding the correct password. The time it takes depends on password length, character variety, and the attacker's computing power. A 12-character random password would take centuries to brute force.
Should I use a password manager?
Yes. Password managers generate and store unique, strong passwords for every account. You only need to remember one master password. This is far more secure than reusing passwords or using simple variations across sites.