Password Strength Checker
Check any password against 8 security criteria. See your score, crack time estimate, and entropy bits instantly -- all in your browser, nothing ever sent to a server.
Quick Answer
What makes a password strong?
A strong password has at least 12 characters and uses uppercase letters, lowercase letters, numbers, and special symbols. Avoid dictionary words and common patterns like 123 or qwerty. A 16-character random password scores Very Strong and would take centuries to crack with modern hardware.
Password Strength Checker
All analysis happens in your browser -- your password is never sent anywhere
Criteria checklist
Your password is never stored or transmitted. All analysis runs locally in your browser.
About this tool
This tool analyzes any password against eight security criteria: three length thresholds, four character type checks (uppercase, lowercase, numbers, special characters), and a common pattern detector. Each criterion earns one point out of eight, and the score maps to a strength label from Very Weak to Very Strong. You also see an estimated crack time, an entropy score in bits, and an option to generate a cryptographically random 16-character password. Everything runs entirely in your browser -- your password never leaves your device.
The tool is useful for anyone creating a new account and wanting to verify their password meets modern security standards, developers testing password strength requirements in their applications, security teams auditing internal policies, and individuals checking whether existing passwords are strong enough to keep. The built-in generator uses the Web Crypto API to create genuinely random passwords that pass all eight criteria by default.
How it works
- 1
Type or paste your password
Enter any password into the input field. Use the eye icon to toggle visibility. Stats update in real time with every keystroke.
- 2
Review your strength score
Your score out of 8 and the color-coded bar update instantly. Red means Very Weak, orange is Weak, yellow-green is Strong, and emerald is Very Strong.
- 3
Check the criteria list
The checklist shows exactly which of the 8 criteria your password meets with green checks and which it fails with red Xs. Use this to target specific improvements.
- 4
Generate a better password if needed
Click Generate Strong Password to create a random 16-character password with all character types. It is automatically copied to your clipboard.
Password strength criteria
| Criterion | Points | Why it matters |
|---|---|---|
| 8+ characters | +1 | Absolute minimum to avoid instant brute force attacks |
| 12+ characters | +1 | Recommended minimum for most accounts by security experts |
| 16+ characters | +1 | Ideal for high-value accounts like email and banking |
| Uppercase letters (A-Z) | +1 | Expands the character set from 26 to 52 possible characters |
| Lowercase letters (a-z) | +1 | Required for full coverage of the letter character set |
| Numbers (0-9) | +1 | Expands the character set to 62 possible characters |
| Special characters (!@#...) | +1 | Expands the character set to 95, the largest possible set |
| No common patterns | +1 | Blocks dictionary and pattern-based attacks like 123 or qwerty |
Common password mistakes
| Mistake | Why it is weak | Better alternative |
|---|---|---|
| Dictionary words (password, welcome) | In every cracking wordlist, cracked in milliseconds | Random unrelated character sequence |
| Letter substitutions (p@ssw0rd) | Still in modern dictionaries, highly predictable | Truly random mix of all character types |
| Personal information (name, birthday) | Guessable from public profiles or social media | Random characters with no personal meaning |
| Short passwords (under 8 characters) | Brute forced in under a second on modern hardware | Minimum 12 characters for any real security |
| Sequential patterns (123456, qwerty) | First tested in any automated attack | Random sequence with no keyboard pattern |
| Reusing passwords across accounts | One data breach exposes all your other accounts | Unique password for every account you own |