Is my password sent anywhere when I test it?

No. This password strength meter runs entirely in your browser using JavaScript. The password is analysed in memory on your device and is never uploaded, logged, or stored anywhere.

How is password strength measured?

Strength is estimated from entropy in bits = length × log2(character pool size). A longer password drawn from a larger mix of lowercase, uppercase, digits and symbols has more entropy and takes exponentially longer to crack.

How long should a strong password be?

For most accounts a password of 16 or more mixed characters, or a passphrase of 4+ random words, reaches the "very strong" band — roughly 80+ bits of entropy, which is impractical to brute-force even with a fast GPU rig.

What crack speed does the estimate assume?

It assumes a fast offline attacker making about 100 billion guesses per second against a stolen password hash. Online attacks are far slower, so this is a deliberately conservative worst case.

Why is a common password rated very weak even if it is long?

Passwords like "password1" or "iloveyou" appear in every leaked-password dictionary, so attackers try them first. Length does not help if the password is already on a public list.

Password Strength Meter

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

The Password Strength Meter estimates how secure a password is and how long it would take an attacker to crack it — without ever sending the password anywhere. Everything is calculated locally in your browser, so the password you type never leaves your device.

How strength is calculated

The meter measures entropy, the number of bits of randomness in a password. Entropy rises with both length and the size of the character pool you draw from:

entropy (bits) = length × log₂(pool size)

A pool of lowercase letters is 26 symbols; adding uppercase, digits and punctuation grows it to roughly 95. A 12-character password from the full pool has about 79 bits of entropy — strong. The same 12 characters of only lowercase letters has about 56 bits — merely fair.

Crack-time estimate

The tool converts entropy into an estimated time to crack assuming a fast offline attacker making around 100 billion guesses per second. At that rate:

Entropy	Roughly equals	Verdict
28 bits	8 lowercase letters	Weak — cracked in seconds
40 bits	short mixed password	Fair
60 bits	10–12 mixed characters	Strong
80 bits+	16+ mixed or 4-word passphrase	Very strong

Stay safe

Use a unique password per account, prefer length over complexity (a four-word passphrase beats P@ss1!), and store them in a password manager. Every calculation here runs locally in your browser and nothing is sent to a server.