Password Strength Checker
Test the strength of your passwords in real-time. Find out how long it would take to crack them.
How is Password Strength Calculated?
This tool uses the highly regarded zxcvbn algorithm developed by Dropbox. Unlike simple regex-based validators that just check for upper case, lower case, numbers, and symbols, zxcvbn recognizes and penalizes common patterns. It cross-references your password against massive dictionaries of common passwords, names, English words, popular culture references, and typical substitution patterns like changing "a" to "@".
Understanding the Crack Time
The estimated "time to crack" shown by our strength checker assumes an attacker is using an offline, slow hashing scenario (e.g., a bcrypt hashed database). In the real world, if your password is leaked in a poorly secured database (using MD5 or no hashing), or if an attacker is targeting an online login portal directly, the time constraints and methods vary wildly. However, an offline crack time of several centuries generally indicates a robust password.
Client-Side Privacy
Your privacy is our priority. All password strength calculations are performed entirely locally in your web browser. The password you type is never transmitted over the internet or saved on our servers.