Password Strength Checker
Test how strong your password is. Real-time entropy calculation, crack time estimation, and actionable security recommendations.
How Password Strength Is Measured
Password strength is calculated using entropy, character diversity, length, and common pattern detection.
Key Factors
- Length — Longer passwords are exponentially harder to crack. Aim for 12+ characters.
- Character Diversity — Using lowercase, uppercase, digits, and symbols increases the search space.
- Entropy (bits) — E = L × log₂(N). Higher entropy means more guesses needed to crack it.
- Common Patterns — Keyboard sequences (qwerty), repeated characters, and dictionary words weaken passwords.
- Crack Time — Estimated time for an offline brute-force attack based on current hardware speeds.
Frequently Asked Questions
Common questions about password security and strength testing.
A strong password is long (12+ characters), uses a mix of character types (uppercase, lowercase, digits, symbols), avoids common words and patterns, and is unique to each account. Entropy above 60 bits is generally considered strong.
Entropy measures the unpredictability of a password in bits. It is calculated as E = L × log₂(N) where L is the length and N is the number of possible characters per position. Each bit doubles the number of guesses needed. 80+ bits is excellent.
Crack time is estimated based on the total number of possible combinations (N^L) divided by a realistic guess rate for offline attacks (about 10 billion guesses per second for modern hardware). The actual time depends on the attacker's resources and hash algorithm used.
Common passwords like "password", "123456", and "qwerty" are the first ones attackers try in dictionary attacks. Even if they have good entropy on paper, their prevalence makes them extremely vulnerable. Always use unique, randomly generated passwords.