Password Strength Test
Instantly analyze the strength of any password. Our checker measures entropy, detects common patterns, and estimates how long a brute-force attack would take. Your password is never stored or transmitted to third parties.
What Makes a Password Strong?
Password strength is primarily determined by entropy - A measure of unpredictability. The higher the entropy, the more guesses an attacker needs on average. Entropy is calculated from the character set size and password length.
Strength by Character Set
Strong Password Checklist
- At least 12 characters long (16+ recommended)
- Contains uppercase and lowercase letters
- Includes numbers and special characters
- Not based on dictionary words or names
- Not reused from any other account
- Does not follow keyboard patterns (qwerty, 123456)
- Not derived from personal information (birthdate, name)
Entropy Reference Table
| Entropy (bits) | Strength | Recommended For |
|---|---|---|
| < 28 | Very Weak | Not recommended for any use |
| 28 – 35 | Weak | Low-value, temporary accounts only |
| 36 – 59 | Moderate | Non-critical personal accounts |
| 60 – 127 | Strong | Most online accounts and services |
| 128+ | Very Strong | Encryption keys, critical systems |
Frequently Asked Questions
The password is submitted in a standard HTML form POST over HTTPS. It is analyzed in memory and immediately discarded - It is never written to a database, log file, or any storage.
Aim for a score of 3 or 4. A score of 4 (60+ bits of entropy) means the password would take years to crack even with offline GPU attacks. For financial or health accounts, always use score 4.
Length helps, but predictable patterns (like repeating words or sequences) reduce effective entropy. Our analyzer detects common patterns and adjusts the score accordingly. A truly random 12-character password beats a 20-character dictionary phrase.
A passphrase is a string of random words (e.g. correct-horse-battery-staple). Four or more random words from a large wordlist can achieve 50+ bits of entropy - Strong enough for most uses, and much easier to remember than a random character string.