EncryptCodecencryptcodec
Tools/Password Strength Checker

Password Strength Checker

Entropy-based password analysis with real-time feedback. We never store or transmit your password.

Your password never leaves your browser — ever

How Password Entropy Works

Entropy (measured in bits) represents how many guesses an attacker would need on average. A password with 60+ bits of entropy is considered strong for most purposes. We calculate it aslength × log₂(charset_size). A 12-character password mixing all character types achieves ~78 bits — effectively uncrackable by brute force.

How it works
Password Strength Analysis (zxcvbn)
01Pattern matching

Scans for dictionary words, names, common passwords, dates, keyboard walks (qwerty), and repeated sequences

02Variations

Accounts for common substitutions (@ for a, 3 for e), capitalization patterns, and leet speak

03Estimated guesses

Assigns a guess count — the number of guesses an attacker would need in the worst case

04Crack times

Guess count converted to time at multiple attack speeds: online throttled, online unthrottled, offline slow/fast hash

05Score 0–4

0=too guessable, 1=very guessable, 2=somewhat guessable, 3=safely unguessable, 4=very unguessable

Spec: zxcvbn (Dropbox, 2012) — realistic attack modeling, not character-class rules

Length beats complexity. 'correct horse battery staple' (4 random words) scores 4. 'P@ssw0rd1!' scores 1. Passphrases are both more secure and more memorable.

Frequently Asked Questions

Keep learning

Password Cracker
See how fast passwords crack
Game
Brute Force Simulation
Watch a brute force attack in real time
Simulation
Password Hashing in 2025
Modern password storage guide
Guide