Password Strength Test

Q: Is my password sent to your server?

The password is submitted in a standard HTML form POST over HTTPS. It is analyzed in memory and immediately discarded - It is never written to a database, log file, or any storage.

Q: What score should I aim for?

Aim for a score of 3 or 4. A score of 4 (60+ bits of entropy) means the password would take years to crack even with offline GPU attacks. For financial or health accounts, always use score 4.

Q: Why is a long simple password sometimes weaker than a short complex one?

Length helps, but predictable patterns (like repeating words or sequences) reduce effective entropy. Our analyzer detects common patterns and adjusts the score accordingly. A truly random 12-character password beats a 20-character dictionary phrase.

Q: What is a passphrase and is it secure?

A passphrase is a string of random words (e.g. correct-horse-battery-staple). Four or more random words from a large wordlist can achieve 50+ bits of entropy - Strong enough for most uses, and much easier to remember than a random character string.

Instantly analyze the strength of any password. Our checker measures entropy, detects common patterns, and estimates how long a brute-force attack would take. Your password is never stored or transmitted to third parties.

What Makes a Password Strong?

Password strength is primarily determined by entropy - A measure of unpredictability. The higher the entropy, the more guesses an attacker needs on average. Entropy is calculated from the character set size and password length. Our explainer on password entropy covers exactly how those bits are calculated.

Strength by Character Set

4 chars, digits only

13 bits

8 chars, lowercase

38 bits

12 chars, mixed case

68 bits

16 chars, full set

105 bits

20 chars, full set

131 bits

5-word passphrase

~65 bits

Strong Password Checklist

If your password misses any of these points, follow our step-by-step guide on how to create a strong password.

At least 12 characters long (16+ recommended)
Contains uppercase and lowercase letters
Includes numbers and special characters
Not based on dictionary words or names
Not reused from any other account
Does not follow keyboard patterns (qwerty, 123456)
Not derived from personal information (birthdate, name)

Entropy Reference Table

Entropy (bits)	Strength	Recommended For
< 28	Very Weak	Not recommended for any use
28 – 35	Weak	Low-value, temporary accounts only
36 – 59	Moderate	Non-critical personal accounts
60 – 127	Strong	Most online accounts and services
128+	Very Strong	Encryption keys, critical systems

Frequently Asked Questions

Is my password sent to your server?

The password is submitted in a standard HTML form POST over HTTPS. It is analyzed in memory and immediately discarded - It is never written to a database, log file, or any storage.

What score should I aim for?

Aim for a score of 3 or 4. A score of 4 (60+ bits of entropy) means the password would take years to crack even with offline GPU attacks. For financial or health accounts, always use score 4.

Why is a long simple password sometimes weaker than a short complex one?

Length helps, but predictable patterns (like repeating words or sequences) reduce effective entropy. Our analyzer detects common patterns and adjusts the score accordingly. A truly random 12-character password beats a 20-character dictionary phrase.

What is a passphrase and is it secure?

A passphrase is a string of random words (e.g. correct-horse-battery-staple). Four or more random words from a large wordlist can achieve 50+ bits of entropy - Strong enough for most uses, and much easier to remember than a random character string.

Related Tools

Password Generator PIN Generator Breach Check Privacy Scan