See a password's entropy and estimated crack time as you type, plus tips to make it stronger. Runs entirely offline — nothing is uploaded.
Nothing you type leaves this page.
Strength estimate, live as you type.
The strength meter is driven by entropy — a measure of how many guesses an attacker would need on average to find your password. Entropy grows with both length and the variety of character types you use, but length is the bigger lever. A 20-character passphrase of ordinary words often beats a short, cryptic-looking password.
The estimated crack time assumes a determined offline attacker with fast hardware. If a password can be cracked in days or less, treat it as unsafe for anything important. Because this tool runs on your device, you can safely test real passwords without them ever leaving your browser.
Yes. The check runs entirely in your browser using JavaScript — your password is never sent to a server, logged, or stored. You can even disconnect from the internet and it will still work.
Entropy, measured in bits, describes how unpredictable a password is. Each extra bit doubles the number of guesses an attacker needs. Below ~40 bits is weak; 70+ bits is strong for most purposes.
It assumes a strong offline attacker making about 10 billion guesses per second against a fast hash. Real-world times vary with the hashing algorithm and hardware, so treat it as a relative guide, not a guarantee.
Add length. A longer password or a multi-word passphrase gains entropy far faster than adding a symbol or two to a short one.