What is entropy and why does it matter for passwords?

Entropy measures how many bits of randomness a password contains: length × log₂(character pool size). Aim for at least 80 bits of entropy for a very strong password.

🔐 Security

Password Strength Checker

Q: Is my password sent to a server when I check it?

No. The password analysis runs entirely in your browser using JavaScript. Your password is never transmitted anywhere.

Q: What makes a password strong?

A strong password has length (16+ characters), variety (uppercase, lowercase, digits and symbols), unpredictability (no dictionary words or patterns), and uniqueness (not reused across sites).

Q: How is the crack time estimated?

The crack time assumes an attacker running 10 billion guesses per second — achievable with a modern GPU cluster. The calculation uses entropy: time = 2^entropy / (2 × 10 billion).

Q: My password is long but still scored Fair — why?

A long password made only of lowercase letters has a small character pool (26 characters). Adding uppercase, digits, and symbols expands the pool to 94 characters, giving far higher entropy for the same length.

Type or paste a password to instantly see its strength, entropy, and how long it would take to crack. Your password never leaves your browser.

Enter your password

How strength is calculated

Password strength is measured in bits of entropy — the mathematical uncertainty a brute-force attacker faces. Entropy is calculated as length × log₂(pool size), where pool size is the number of distinct character types used (lowercase 26, uppercase 26, digits 10, symbols ~32). The crack-time estimate assumes an attacker running 10 billion guesses per second (modern GPU). Your password is never sent anywhere — analysis happens entirely in JavaScript.

Frequently Asked Questions

Is my password sent to a server when I check it?

No. The password strength analysis runs entirely in your browser using JavaScript. Your password is never transmitted anywhere — it stays on your device. This makes the tool safe to use even for real passwords you are considering using.

What makes a password "strong"?

A strong password has: length (16+ characters), variety (mix of uppercase, lowercase, digits and symbols), unpredictability (no dictionary words, names or patterns), and uniqueness (not reused across sites). This tool scores passwords on all these factors.

How is the crack time estimated?

The estimated crack time assumes an attacker running 10 billion guesses per second — achievable with a modern GPU cluster. The calculation uses entropy bits: time = 2^entropy / (2 × 10,000,000,000). Real crack times vary based on attacker hardware and whether common patterns are used.

What is "entropy" and why does it matter?

Entropy measures how many bits of randomness a password contains, calculated as length × log₂(character pool size). Higher entropy means more possible combinations for an attacker to try. Aim for at least 80 bits of entropy for a very strong password.

My password is long but still scored "Fair" — why?

A long password made of only lowercase letters has a small character pool (26 characters), which limits entropy. Adding uppercase letters, digits, and symbols expands the pool to 94 characters, giving far higher entropy for the same length. For example, 12 lowercase-only characters (~56 bits) is weaker than 12 mixed-type characters (~79 bits).

Browse all tools Generate a Password