Check how strong your password really is — entropy, crack time, and fixes.
Enter a Password
Analysis
Estimated crack time
Fast GPU (1010 guesses/sec) · worst-case exhaustive search
Character types used
Suggestions
How entropy is calculated: Shannon entropy = length × log₂(charset size). Charset size grows as you add lowercase (26), uppercase (+26), digits (+10), and symbols (+32). Penalties apply for common passwords, keyboard walks, and repeated patterns. Crack time assumes 10¹⁰ guesses/second — a realistic fast GPU on a weak hash (MD5/SHA1). For bcrypt/Argon2, real-world times would be vastly longer. Your password is never transmitted anywhere.
Our free password strength checker measures your password's true security using Shannon entropy — the gold standard for randomness — and estimates how long it would take a fast GPU to crack it. Get instant feedback on character variety, common-password patterns, keyboard walks, and repeated sequences, plus clear suggestions to fix any weaknesses. Everything runs locally in your browser.
Entropy measures how unpredictable a password is, expressed in bits. It is calculated as: length × log₂(charset size). A 12-character password mixing lowercase, uppercase, digits, and symbols has roughly 79 bits of entropy — each extra bit doubles the guessing work for an attacker.
Crack time assumes a worst-case exhaustive search at 10 billion guesses per second, which is realistic for fast algorithms like MD5 on a modern GPU. For stronger hashing algorithms (bcrypt, Argon2), real-world crack times would be enormously longer. The estimate shows the theoretical lower bound.
No. The entire analysis runs in JavaScript inside your browser. Your password is never transmitted over the network, stored in any database, or logged anywhere. You can disconnect from the internet before typing if you prefer.
A password built from lowercase letters only draws from a charset of 26 symbols. Adding uppercase (+26), digits (+10), and symbols (+32) nearly doubles the charset to 94, which multiplies entropy per character significantly. Both length AND variety matter for strong passwords.