Password Strength Meter
Password strength is measured by entropy (bits of randomness), length, character variety (uppercase, lowercase, numbers, symbols), and absence of patterns. Score ranges: 0-20 = very weak, 20-40 = weak, 40-60 = fair, 60-80 = good, 80-100 = strong. Entropy formula: length × log2(character set size). A 12-character mixed password has ~70 bits entropy (centuries to crack). Aim for 60+ bits. Avoid dictionary words, repeating characters (aaa), sequential patterns (123, abc), and common substitutions (P@ssw0rd). All analysis happens in browser - passwords never sent to servers.
Test password strength and security. Analyze entropy, crack time, and get feedback on how to improve password security. Never stores passwords.
Password to Check
Your password is never sent to a server - all analysis happens in your browser
How to Use
- Enter your value in the input field
- Click the Calculate/Convert button
- Copy the result to your clipboard
Frequently Asked Questions
- How is password strength calculated?
- Password strength is calculated based on length, character variety (uppercase, lowercase, numbers, symbols), entropy (bits of randomness), and absence of common patterns. Entropy formula: length × log2(character set size). A strong password has 60+ bits of entropy. For example, "P@ssw0rd123" has low strength due to dictionary words and common substitutions, while "k9#mX$pL2Qr7" has high strength.
- What is a good password strength score?
- Password strength meters typically score 0-100. Scores: 0-20 = very weak, 20-40 = weak, 40-60 = fair, 60-80 = good, 80-100 = strong. Aim for 80+ (strong) for important accounts. A 12-character password with mixed case, numbers, and symbols typically scores 80+. Length is most important—16 characters of mixed types scores 90+.
- How long does it take to crack a password?
- Crack time depends on password entropy and attacker resources. With 10 billion guesses/second (modern GPU): 8-character all-lowercase = seconds, 8-character mixed = days, 12-character mixed = centuries, 16-character mixed = billions of years. Entropy matters: 40 bits = hours, 60 bits = years, 80 bits = millennia. Add 2FA for additional protection.
- Is my password safe when I check its strength online?
- On reputable password strength checkers (like this one), yes. This tool analyzes passwords entirely in your browser using JavaScript—nothing is sent to a server. Check for "client-side" or "never stored" disclaimers. Avoid sites without HTTPS or that require account creation. Best practice: use a trusted password manager's built-in strength meter.
- What is password entropy and why does it matter?
- Entropy measures password unpredictability in bits. Higher entropy = exponentially harder to crack. Formula: log2(possible combinations). Each additional bit doubles crack difficulty. 40 bits = 1 trillion combinations, 60 bits = 1 quintillion, 80 bits = 1.2 septillion. Increase entropy by: adding length (best), using diverse characters, avoiding patterns. Aim for 60+ bits for security.
- Why is my long password marked as weak?
- Length alone doesn't guarantee strength. A password like "passwordpasswordpassword" (24 characters) is weak because it repeats dictionary words. Patterns like "abcdefgh12345678" or "qwertyuiopasdfgh" are also weak despite length. Strong passwords need: length + character variety + no patterns + no dictionary words. Use random generation or passphrases like "correct-horse-battery-staple".