Password Strength Checker – Entropy & Crack Time Estimate password strength and entropy locally.
100% offline

Checked locally — your password is never logged or uploaded.

Strength

Very strong

Entropy

118.3bits

Est. crack time

centuries

Suggestions

  • Looks good. Consider a unique passphrase per site and a password manager.

18 chars · 95-symbol pool · 118.3 raw bits

About Password Strength Checker – Entropy & Crack Time

A password's real strength isn't about a magic mix of symbols — it's about how many guesses an attacker would need before they land on it. This password strength checker estimates that for you: it measures the character pool and length to compute password entropy in bits, then penalises predictable patterns like repeats, sequences, keyboard runs, and common leaked passwords to give an honest 0–4 score.

Alongside the score you get an entropy readout, an estimated crack time at a fast offline guess rate, and specific warnings and suggestions so you know exactly what to fix — add length, mix character classes, or drop that dictionary word.

Everything runs in your browser with hand-rolled, dependency-free logic. Your password is never logged, stored, or uploaded, so the tool works completely offline and is safe to use even for passwords you actually rely on.

Features

  • Shannon-style entropy estimate from charset pool size and length
  • A clear 0–4 strength score with Very weak → Very strong labels
  • Penalties for repeats, sequences, keyboard runs, and common passwords
  • Estimated crack time plus concrete, actionable suggestions
  • Fully offline — your password never leaves your device

How to use

  1. Type or paste a password into the masked input field.
  2. Toggle Show to reveal it if you want to double-check what you typed.
  3. Read the strength meter, entropy in bits, and estimated crack time.
  4. Follow the warnings and suggestions to make the password stronger.

Frequently asked questions

How is password strength calculated?

The tool counts the size of the character pool your password draws from (lowercase, uppercase, digits, symbols) and multiplies its bit-value by the length to get an entropy estimate. It then subtracts penalties for predictable patterns — repeated characters, sequences like "abc" or "123", keyboard runs like "qwerty", and matches against a built-in list of common passwords — and maps the result to a 0–4 score.

What is password entropy in bits?

Entropy in bits measures unpredictability: each extra bit doubles the number of guesses needed. Roughly, under 28 bits is very weak, 40–60 is fair, and 80+ is strong against offline attacks. Longer passwords with a mix of character types have more entropy than short or pattern-based ones.

How is the crack time estimated?

It assumes an offline attacker making about 10 billion guesses per second — a realistic rate for a GPU rig against a weak password hash. The estimate uses your password's effective entropy after penalties, so common or patterned passwords show as "instantly" even if they look long.

Is it safe to type my real password here?

Yes. All analysis happens locally in your browser with hand-rolled JavaScript — there is no zxcvbn download, no server call, and no logging. Your password never leaves your device, and the tool keeps working with the network disconnected.

Why does this differ from other strength meters?

Many meters only check for the presence of character classes, which overrates passwords like "Password123!". This checker estimates real entropy and applies pattern penalties, so predictable passwords score low regardless of which character types they contain.

Related tools

UUID Generator — v4, v7, GUID & ULID Online (Bulk) Generate RFC-4122 v4 identifiers Hash Generator — SHA-256, SHA-1 & SHA-512 Online SHA-1, SHA-256 and SHA-512 digests Strong Password & Passphrase Generator – Diceware Generate strong passwords or memorable passphrases.

Everything runs locally in your browser — your input is never uploaded.