Free Password Strength Checker
Test how strong your password really is with this free password strength checker. Get entropy analysis, estimated crack time, and specific tips to make it stronger. Everything runs in your browser, your password is never sent anywhere.
Entropy
—
Est. Crack Time
—
Character Analysis
Improvement Tips
Understanding Password Strength
Weak (0–39)
Short passwords or those with only one character type. Can be cracked in seconds to minutes with modern hardware.
Fair (40–59)
Moderate length with some character variety. May resist casual attacks but vulnerable to targeted cracking.
Good (60–79)
Good length with multiple character types. Suitable for most accounts, but consider stronger for high-value targets.
Strong / Very Strong (80–100)
Long passwords with full character variety. Effectively uncrackable with current technology. Ideal for cloud secrets and admin accounts.
Why Password Strength Matters
How Attackers Crack Passwords
Modern password cracking uses GPUs that can test billions of combinations per second. A simple 8-character password with only lowercase letters has about 209 billion combinations, which sounds like a lot but can be exhausted in under a minute on modern hardware.
Attackers also use dictionary attacks (trying common words and patterns), rainbow tables (pre-computed hash lookups), and credential stuffing (using passwords leaked from other breaches). A password strength checker helps you understand whether your password would survive these attacks.
Understanding Entropy and Crack Time
Entropy measures password randomness in bits. Each bit doubles the number of possible combinations. A password with 40 bits of entropy has about 1 trillion possible values. At 80 bits, the number is so large it would take longer than the age of the universe to brute-force.
| Entropy (bits) | Strength | Approx. Crack Time |
|---|---|---|
| < 28 | Very Weak | Seconds to minutes |
| 28 - 35 | Weak | Hours to days |
| 36 - 59 | Fair | Months to years |
| 60 - 80 | Good | Thousands of years |
| 80+ | Strong | Effectively uncrackable |
Common Password Mistakes to Avoid
- ✗ Using personal info (names, birthdays, pet names) that attackers can find on social media
- ✗ Simple substitutions like "P@ssw0rd" that are in every cracking dictionary
- ✗ Keyboard patterns like "qwerty123" or "zxcvbnm"
- ✗ Reusing the same password across multiple accounts
- ✗ Adding "!" or "1" at the end of an otherwise weak password
Instead, use a password generator to create truly random passwords, and store them in a password manager like SatisVault.
Related Tools
Manage Cloud Secrets Smarter
SatisVault lets you generate, store, and auto-fill secrets for Azure Key Vault and AWS directly from your browser.
Frequently Asked Questions
How is password strength calculated?
We score passwords based on length (up to 40 points), character variety including uppercase, lowercase, numbers, and symbols (up to 40 points), and bonus points for 16+ and 24+ character passwords. Entropy is calculated from the character pool size and password length.
Is my password sent to a server?
No. Everything runs 100% in your browser using JavaScript. Your password never leaves your device. There are no network requests, no logging, and no tracking.
What is password entropy?
Entropy measures the randomness of a password in bits. Higher entropy means more possible combinations for an attacker to try. A password with 80+ bits of entropy is considered very strong against brute-force attacks.