Password Strength Checker

What is Password Strength Checker?

The Password Strength Checker is a free in-browser tool that estimates how resistant a password is to guessing. It uses zxcvbn, a realistic strength estimator that recognises dictionary words, common passwords, keyboard patterns, repeats, and date sequences instead of just counting character classes. Developers, security-minded users, and anyone setting up a new account use it to sanity-check a password before relying on it: the score (0 to 4) maps to a strength label, the crack-time scenario selector switches between an online throttled attack, an online attack with no rate limiting, a slow offline hash, and a fast offline hash, and the warning and suggestion lines tell you exactly what makes a weak password weak. Because nothing leaves the page, it is safe to test real passwords.

How to use Password Strength Checker

1. Type or paste a password into the Password field; the analysis updates on its own as you type.
2. Read the Score (0 to 4) and its strength label to judge the password at a glance.
3. Open Settings and choose an Attack scenario to see the estimated crack time under that threat model.
4. Check the Crack time, entropy, and guesses figures for a quantitative view of the strength.
5. Read the warning and suggestions, then revise the password and watch every figure update.

Examples

password123

Score 0 (Very weak); warning: this is similar to a commonly used password; crack time under the fast offline scenario: less than a second.

P@ssw0rd

Score 1 (Weak); predictable substitutions add little; suggestion: add another word or two.

correct-horse-battery-staple-92!

Score 4 (Very strong); high entropy; crack time under the slow offline scenario: centuries.

Frequently asked questions

Is my password sent anywhere?

No. The password is analysed entirely inside your browser by a library that is loaded on demand. Nothing you type is uploaded, logged, or stored on any server, so the tool works offline and it is safe to test real passwords here.

What does the 0 to 4 score mean?

It is the zxcvbn score. 0 is very weak and easily guessed, 1 protects only against throttled online guessing, 2 against unthrottled online guessing, 3 gives moderate protection against a slow offline crack, and 4 is strong against a slow offline crack. Aim for 3 or 4 for anything that matters.

Why does the crack time change when I switch scenarios?

Crack time depends on how fast an attacker can guess. A rate-limited online login allows very few attempts, while a stolen database with a fast hash can be attacked billions of times per second. The Attack scenario selector lets you see the estimate under each of these threat models.

What is entropy and the guesses number?

The guesses figure is roughly how many attempts an attacker would need; entropy is its base-10 magnitude, a compact way to compare passwords. Both are estimates from the password's structure, not a guarantee, but higher is better.

Does a high score guarantee my password is safe?

No tool can guarantee safety. The score estimates resistance to common guessing strategies, but reusing a strong password across sites, phishing, or a leak can still expose it. Use a unique password per site and a manager when you can.