Password Strength Checker
Estimate password entropy and time-to-crack using the zxcvbn algorithm. Shows realistic crack time estimates under different attack scenarios — far more accurate than simple strength bars.
How to use the password strength checker
Type a password. Strength is estimated using the zxcvbn library, which models real cracking patterns (dictionary words, sequences, keyboard runs, leetspeak, dates) — not just length and character classes.
Formula & explanation
zxcvbn returns a 0–4 score and an estimated number of guesses. Crack times are derived from the guess count divided by typical attacker speeds (online unthrottled ≈ 10/s; offline GPU ≈ 10¹⁰/s).
Examples
'password' = score 0. 'Password1!' = score 1 (predictable pattern). 'correct horse battery staple' = score 4. A 16-char random string = score 4.
Frequently asked questions
- Why is 'P@ssw0rd!' weak?
- zxcvbn knows about leetspeak substitutions and common passwords — those tricks add almost no real security.
- Is my password sent anywhere?
- No. Everything runs locally in your browser.
Related network & security tools
- Hash GeneratorGenerate MD5, SHA-1, SHA-256, and SHA-512 hashes of any string. Useful for checksums, data integrity verification, and understanding hash output lengths for each algorithm.
- SSL Certificate DecoderPaste a PEM-encoded SSL/TLS certificate to inspect issuer, subject, SANs, validity period, public key, and signature algorithm. Everything runs in your browser — no certificate is uploaded.
- IP/CIDR Subnet CalculatorCompute subnet range, network mask, broadcast address, and usable host count for any IPv4 CIDR block. Also shows all subnets when you split a block — useful for network planning.