Is my password sent anywhere?

No. The check runs entirely in your browser using JavaScript. Your password never leaves your device — it is not uploaded, logged or stored by anyone.

How is the strength calculated?

We estimate entropy in bits as the password length multiplied by log2 of the character-pool size (which classes of characters you used). More length and more variety means more bits and a stronger password.

What is a good number of bits?

Under 40 bits is weak, 60+ is strong and 90+ is very strong. A 16-character password mixing upper and lower case, numbers and symbols comfortably exceeds 90 bits.

Password Strength Checker — Free & Private

Password Strength Checker

Find out how strong your password really is — see its entropy in bits, a clear strength rating and tailored tips. Everything happens 100% in your browser; your password is never sent anywhere.

Enter a password to test its strength

Type a password to check it

Entropy (bits)

Length

Character pool

—

Time to crack*

*Rough estimate for a fast offline attacker at ~10 billion guesses per second.

🔒 100% private — runs in your browser, never uploaded.

How to use it

Type or paste a password into the box above. Use the Show button to reveal what you typed.
Watch the strength bar and rating update instantly as you type.
Check the entropy in bits and the estimated time to crack it.
Follow the suggestions below the meter to make a weak password stronger.

What does "password strength" actually mean?

Strength is about how hard a password is to guess. The standard way to measure that is entropy, expressed inbits. Each extra bit doubles the number of guesses an attacker must make. This tool estimates entropy as the password length multiplied by the base-2 logarithm of the character-pool size — the number of distinct characters you could have chosen from. Using lowercase letters gives a pool of 26; adding uppercase makes 52; adding digits makes 62; adding symbols pushes it to roughly 95. So a longer password that mixes character types has many more possible combinations, which is exactly what makes it hard to crack.

Because entropy grows with length, length is the single biggest factor. A 16-character passphrase usually beats a short password full of symbols. As a rough guide: under 40 bits is weak, 60 bits is strong, and 90+ bits is very strong and well beyond the reach of today's offline attacks.

Is it private?

Yes — completely. The checker is plain JavaScript that runs on your own device. Your password is analysed in memory in your browser and is never transmitted, logged or stored — not by us, not by anyone. There are no network requests when you type, so you can safely test even a real password. For peace of mind you can disconnect from the internet and it will still work. Of course, the safest place to keep a strong password is a reputable password manager.

Frequently asked questions

Does it check against a breach database?

No — that would require sending data online. This tool measures strength locally from length and character variety, and flags a handful of obviously common passwords.

Why does adding symbols help so much?

Symbols enlarge the character pool, which raises the entropy per character. Combined with extra length, that grows the number of possible passwords exponentially.

Is a long passphrase better than a short complex one?

Usually yes. Because entropy scales with length, four random words are typically harder to crack than a short string of mixed symbols — and far easier to remember.