How is entropy calculated?

Entropy is computed as length × log₂(pool size), where pool size is the number of distinct character types used (26 lowercase + 26 uppercase + 10 digits + 32 symbols).

How is crack time estimated?

Crack time is estimated by dividing the total number of combinations (2^entropy) by the attacker's guessing speed. Four speeds are shown: online attack (100/s), offline slow hash (1K/s), fast hash (1B/s), and GPU cluster (100B/s).

Is my password sent to a server?

No. The checker runs entirely in your browser. Your password is never transmitted or stored anywhere.

What entropy is considered strong?

Generally, 60+ bits is fair for low-risk accounts, 80+ bits is good, and 100+ bits is strong. For high-value accounts aim for 80 bits or more.

Private by defaultRuns in your browser

Password strength checker

Type or paste any password to instantly see its entropy, strength rating, and how long it would take to crack at various attack speeds.

Quick samplesClick to test

Fair56.9 bits entropy

✓ Lowercase✗ Uppercase✓ Numbers✗ Symbols✗ 11 chars

Estimated crack time

Online attack (100/s)Centuries

Offline slow hash (1K/s)Centuries

Offline fast hash (1B/s)4 years

GPU cluster (100B/s)16 days

Strength Checker

About this tool

Test any password to see entropy bits, estimated crack time (online and offline attacks), and a full character composition breakdown. Runs in your browser.

Type or paste any password to instantly see its entropy, strength rating, and how long it would take to crack at various attack speeds.

No signup requiredRuns in your browserInstant results

How to use

1
Type or paste any password into the input field.
2
The tool instantly shows entropy (in bits), strength rating, and estimated crack times.
3
Review the character composition breakdown to see which character types are present.
4
Adjust your password based on the feedback to increase its strength.

Why use this tool?

→
Audit existing passwords to find weak ones before they get compromised.
→
Test a candidate password before setting it to ensure it meets your security bar.
→
Understand the real-world impact of adding symbols or length to a password.

ExamplesInput → output

Weak password

Inputpassword123

Output~37 bits — Very Weak (cracked in seconds)

Mixed-case with symbols

InputP@ssw0rd!

Output~53 bits — Fair (hours at offline speed)

Long random password

InputX#9kLm$2pQr8!nVz

Output~105 bits — Strong (centuries at GPU speed)

Frequently asked questionsCommon questions answered

These answers explain common strength checker tasks, expected input formats, and edge cases so both visitors and search engines can understand what this tool does.

How is entropy calculated?: Entropy is computed as length × log₂(pool size), where pool size is the number of distinct character types used (26 lowercase + 26 uppercase + 10 digits + 32 symbols).
How is crack time estimated?: Crack time is estimated by dividing the total number of combinations (2^entropy) by the attacker's guessing speed. Four speeds are shown: online attack (100/s), offline slow hash (1K/s), fast hash (1B/s), and GPU cluster (100B/s).
Is my password sent to a server?: No. The checker runs entirely in your browser. Your password is never transmitted or stored anywhere.
What entropy is considered strong?: Generally, 60+ bits is fair for low-risk accounts, 80+ bits is good, and 100+ bits is strong. For high-value accounts aim for 80 bits or more.