What is password entropy?

Entropy measures password unpredictability in bits. The higher the entropy, the more guesses an attacker needs. Aim for at least 80 bits of entropy for secure passwords.

What makes a password weak?

Short length, using only one character type (e.g. only lowercase), using common words or patterns like '123456' or 'password', and reusing the same password across sites all make passwords weak.

How is crack time estimated?

Crack time is estimated based on password entropy and an assumed attack rate of 10 billion guesses per second (offline brute-force). Real-world crack times vary depending on hashing algorithm and attacker resources.

Free Password Strength Checker

Instantly analyse any password with a visual strength meter, entropy score, estimated crack time and personalised improvement tips.

🔒 100% Private ⚡ Instant 🆓 Free

Enter Password to Check

Strength

—

Length

—

Entropy (bits)

—

Est. Crack Time

—

Charset Size

abc lowercase ABC uppercase 123 numbers !@# symbols

About the Password Strength Checker

This tool analyses your password locally in the browser — nothing you type is ever transmitted to a server. The strength analysis is based on multiple factors: length, character set diversity, entropy (bits of randomness), and common pattern detection.

The estimated crack time assumes an offline brute-force attack at 10 billion guesses per second, which reflects modern GPU-accelerated cracking hardware. For common hash algorithms (MD5, SHA-1) real attacks can be even faster — which is why high entropy matters so much.

The improvement tips give you actionable steps to bring any weak password up to a strong standard quickly.

How to Use the Password Strength Checker

Type or Paste Password

Enter any password into the input field. Analysis updates in real time as you type.

Read the Strength Meter

The colour-coded bar shows strength from Very Weak (red) to Very Strong (green).

Review Entropy & Crack Time

Check how many bits of entropy your password has and how long it would take to brute-force.

Apply Improvement Tips

Follow the personalised tips to strengthen your password until the meter turns green.

Key Features

Real-time analysis as you type — no button press needed
5-level strength scale: Very Weak → Very Strong
Entropy calculation in bits based on effective charset size
Estimated crack time at 10B guesses/second
Character type breakdown (lowercase, uppercase, numbers, symbols)
Personalised improvement tips for each weakness detected
Toggle password visibility without clearing the field
Zero server communication — 100% private

Frequently Asked Questions

No. The entire analysis runs in your browser using JavaScript. Your password is never transmitted over the network — not even anonymised telemetry is collected.

Entropy measures password unpredictability in bits. It is calculated as length × log₂(charset_size). A 50-bit password requires up to 2⁵⁰ guesses to crack. Aim for 80+ bits for strong protection.

Short length, using only one character type (e.g. only lowercase), using dictionary words or common patterns like "123456" or "password", and reusing passwords across sites all significantly weaken a password.

Crack time is estimated based on entropy, assuming 10 billion guesses per second — representative of an offline attack with modern GPU hardware cracking an unsalted MD5 hash. Salted bcrypt/Argon2 hashes would take orders of magnitude longer.