Password analyser

How strong is your password?

Type or paste a password to see its strength, entropy and an estimated time-to-crack — plus a checklist of what to improve. It is analysed entirely in your browser and is never sent or stored.

Type a password to analyse it

    Analysed locally in your browser. Nothing you type here is transmitted, logged or stored.

    What the analyser checks

    • Entropy (bits) — length × log2 of the character pool. Higher is exponentially harder to guess.
    • Time-to-crack — an estimate assuming a fast offline attack (~10 billion guesses/second). Online attacks are far slower, so treat this as a worst case.
    • Weak patterns — common breached passwords, keyboard/alphabet sequences and simple repeats are flagged because attackers try those first.
    • Composition — length and the mix of lower-case, upper-case, numbers and symbols.

    Need a better one? Generate a strong password with the generator, store it in a password manager, and use a unique password for every site. Learn more on the blog.

    Heads-up: a strength meter can't see if a password has already leaked in a data breach. Even a "Very strong" password should be unique to one account and changed if a service reports a breach.