🔐 Password Strength Calculator
Pick a length and the character sets you'd use, and see the estimated entropy, a weak-to-strong rating, and how long an offline attacker would take to crack it. Nothing you type leaves your browser.
🛡️ Entropy & Crack Time, Estimated
What is a Password Strength Calculator?
It turns a password's length and character variety into an entropy figure in bits, then projects how long a fast offline attacker would need to brute-force it. The result is a quick, intuitive sense of whether a password policy or a single password is actually robust.
Use it to set sensible length and complexity rules, or to make the case for a password manager. The numbers are estimates for planning — real strength also depends on whether the password is predictable or already leaked, so verify your approach against your own security policies.
❓ Frequently Asked Questions
How is password strength measured?
This tool estimates entropy — a measure of unpredictability in bits. It multiplies the password length by the log base 2 of the character pool size (lowercase adds 26, uppercase 26, digits 10, symbols 32). More length and a larger pool both raise entropy, and higher entropy means exponentially more guesses to crack.
What does the crack time mean?
It models an offline attacker who has stolen a password hash and can try about ten billion guesses per second on fast hardware. The figure is the average time to find your password by brute force at that rate. It's an estimate for planning, not a guarantee — a slower or faster attacker changes the number dramatically.
Why does my real password feel weaker than the rating?
Entropy assumes a truly random password. If yours is a dictionary word, a known leaked string, a name with a year, or a keyboard pattern, an attacker uses smarter guessing than brute force and cracks it far faster than the entropy suggests. Always use unique, randomly generated passwords.
How long should a strong password be?
With a mixed pool of lowercase, uppercase, digits, and symbols, around 12 to 16 characters reaches the Strong-to-Very-strong range. The simplest way to get there reliably is a password manager that generates long random passwords for every account so you never reuse one.