Password Strength Checker
Type a password to see how long it would survive a modern cracking rig. Everything runs in your browser; nothing you type ever leaves this page.
Checked locally in your browser. Nothing you type is sent, stored, or logged.
What actually makes a password strong
Attackers do not sit and guess passwords by hand. They run cracking software against stolen password databases, testing billions of combinations per second on ordinary gaming hardware. That software tries the obvious things first: real words, names, dates, keyboard walks like qwerty, and every password that has ever appeared in a breach, along with common variations like capitalizing the first letter or adding an exclamation point.
That is why length matters more than anything else. Each additional character multiplies the number of guesses an attacker needs. A truly random 16 character password holds up against serious hardware for centuries. An 8 character one, even with symbols, can fall in hours.
The three rules worth following
First, aim for 16 characters or more. Second, never reuse a password: a breach at one minor forum becomes a master key to your email if they share a password. Third, let software do the remembering. A password manager generates and stores a unique random password for every account, and you only memorize one strong passphrase to unlock it. If you need one now, our password generator runs right in your browser.
Frequently Asked Questions
Is it safe to type a password into this page?
The checker runs entirely in your browser using JavaScript. Nothing you type is sent to our server, stored, or logged. That said, a good habit is to never type a real password into any website except the one it belongs to, so feel free to test a password with the same structure instead of the exact one.
What makes a password strong?
Length beats cleverness. A 16 character password of random words is far stronger than 8 characters of symbols. The three rules that matter: make it long (16 or more characters), make it unique to each account, and avoid personal details, dictionary words with a number stuck on the end, and keyboard patterns.
How is the crack time estimated?
We estimate the number of guesses an attacker would need based on the length and variety of your password, minus penalties for common words and predictable patterns. The time shown assumes an offline attack testing 10 billion guesses per second, which is realistic for a single modern GPU rig. Real attackers may be faster or slower.