Check password strength and reliability. Estimate crack time, entropy, and improvement recommendations
Checks
Recommendations
Password strength check runs entirely in your browser — the password is never sent anywhere.
Entropy: a measure of password randomness in bits. The more bits, the harder the password is to crack. 40+ bits — acceptable, 60+ — good, 80+ — excellent.
Crack time: estimated brute-force time at 10 billion attempts per second (powerful GPU cluster).
Recommendations: Use passwords of 12+ characters, combine letters, digits, and special characters. Don't reuse passwords across different services.
Password Strength Checker — Online Security Analysis
The analyzer evaluates password strength by entropy, character set size, and dictionary attacks. Shows crack times at different attack speeds and specific improvement recommendations.
Password Entropy
Entropy (bits) = length × log₂(alphabet_size). The higher, the harder to crack:
| Character set | Size | Bits per character |
|---|---|---|
| Lowercase only (a–z) | 26 | 4.7 |
| Lower + uppercase | 52 | 5.7 |
| Letters + digits | 62 | 5.95 |
| All printable ASCII | 95 | 6.57 |
Crack Times
| Scenario | Speed | 60-bit password |
|---|---|---|
| Online (with throttling) | 10 tries/sec | 3 billion years |
| Offline (MD5) | 10B/sec | 36 years |
| Offline (bcrypt) | 10K/sec | 3.6 trillion years |
Common Weak Passwords
Millions of leaked credential databases reveal the same patterns. These passwords are checked first in any dictionary attack:
| Rank | Password | Why it's weak |
|---|---|---|
| 1 | 123456 | Sequential digits, in every dictionary |
| 2 | password | Literal dictionary word |
| 3 | qwerty | Keyboard pattern |
| 4 | letmein | Common phrase |
| 5 | admin | Default credential |
How to avoid weak passwords: use at least 12 characters, mix character types, or switch to passphrases of 4+ random words. Avoid names, dates, and any dictionary word on its own.
Frequently Asked Questions
Is it safe to enter a password here?
Yes. Analysis runs in the browser. The password is not sent to a server. For important accounts, use a similar test variant.
Why are long passphrases better than short random passwords?
"CorrectHorseBatteryStaple" (25 chars) has ~117 bits of entropy as a passphrase and is easy to remember. A random 12-char password has ~79 bits.
For strong password generation use the password generator.
Useful articles
WCAG Color Contrast: Website Accessibility Guide
A complete guide to color contrast: WCAG 2.1 standards, AA and AAA levels, calculation formula, practical examples of good and bad contrast, and how to fix accessibility issues.
CSS Border Radius: Rounding Element Corners
How to use border-radius: syntax, shorthand notation, elliptical corners. Online border-radius generator.