Analyze your password security — 100% client-side
This tool evaluates your password using multiple criteria: character diversity, length, entropy calculation, common pattern detection (keyboard sequences like "qwerty", repeated characters, sequential numbers), and dictionary word matching. The entropy score measures the theoretical randomness in bits — higher is better. Crack time estimates assume a powerful attacker performing 10 billion guesses per second, which represents a realistic modern GPU-based attack. For maximum security, use a password manager to generate and store unique passwords for every account.
No. All password analysis is performed entirely in your browser using JavaScript. Your password never leaves your device — no network requests are made with your password data. You can verify this by disconnecting from the internet and using the tool offline.
A strong password is at least 12 characters long, uses a mix of uppercase and lowercase letters, numbers, and special characters, avoids dictionary words and common patterns (like qwerty or 123456), and is unique for each account. Passphrases — multiple random words strung together — are both strong and memorable.
Entropy measures password randomness in bits. Higher entropy means more possible combinations an attacker must try. A password with 40 bits of entropy has about 1 trillion combinations, while 80 bits has about 1.2 septillion. Aim for at least 60 bits of entropy for important accounts.
Crack time estimates assume an attacker using a modern GPU capable of billions of guesses per second. The estimate is based on the password entropy (number of possible combinations) divided by the assumed attack speed. Real-world times vary based on the hashing algorithm used and the attacker's resources.