How strong is your password?
Type it below and instantly see its entropy, weak spots and how long it would take to guess. All the analysis happens in your browser only.
Type a password to see the analysis.
Estimate based on an offline attack at 100 billion guesses per second. An online attack (with rate limiting) is far slower.
What actually makes a password strong
Length matters more than complexity: every extra character multiplies the number of possible combinations. A phrase of 4 random words like "maple-otter-cloud92-barn" tops 70 bits of entropy and is easier to remember than "Kx7!q". The classic substitutions (p4ssw0rd, @ instead of a), on the other hand, barely help: cracking tools try those first, along with names, birth dates, sports teams and the most common passwords leaked in data breaches.
How long would it take a hacker to guess it?
It depends on where the attack happens. On a website that locks accounts after failed attempts, an attacker gets only a few tries per second; but if a database is stolen, a modern graphics card can test billions of combinations per second against weak hashes. That is why you should never reuse the same password across sites: a single breached service can compromise all the others. The winning combination is a password manager that generates long, random codes, plus two-factor authentication wherever it is available.