Password Strength Tester
Estimate a password's brute-force entropy from its length and the character classes it uses, and get a quick check against a short list of the most common passwords. Everything runs in your browser.
How to use this tool
- 1
Type or paste a password into the input field.
- 2
Read the rating (Very weak to Excellent) and the estimated entropy in bits shown below the field.
- 3
Follow the specific suggestions, such as adding uppercase letters, numbers, or symbols, or increasing the length.
- 4
Clear the field when you are done so the password does not stay on screen.
How does this tool estimate password strength?
This tester uses the classic brute-force entropy model: it counts how many character classes a password draws from and treats that as a single shared pool. Lowercase adds 26 to the pool, uppercase another 26, digits 10, and any non-alphanumeric symbol a flat 33. It then estimates entropy as length multiplied by log2 of the pool size, so a 12-character password using all four classes yields about 12 x log2(95), roughly 79 bits. The rating bands are entropy-based: under 36 bits is Very weak, 36 Weak, 60 Strong, 80 Very strong, and 100+ Excellent. Separately, it compares the lowercased input against a hard-coded list of ten extremely common passwords (password, 123456, qwerty, and so on) and flags an exact match. This naive model assumes every character is chosen randomly. It does not detect dictionary words, keyboard walks, l33t substitutions, dates, or repeats, so a memorable phrase like Summer2024! will score far higher here than a real attacker's cracking tools would justify. Treat the number as a rough upper bound, not a guarantee.
Common use cases
Quickly sanity-checking a password you just made up before using it on a new account.
Showing a teammate or family member why length and a symbol matter more than they expect.
Demonstrating in a security training session how entropy grows as you add character classes.
Confirming a password is not literally one of the ten most common passwords before saving it.
Comparing two candidate passphrases to see which character mix yields more estimated bits.
Teaching students the brute-force entropy formula by watching the bit count change as they type.
Frequently asked questions
Is my password sent anywhere?▼
How is the entropy number calculated?▼
Why does my strong-looking password score low or high oddly?▼
Does this check against breached password databases?▼
What entropy should I aim for?▼
Is the symbol pool size of 33 exact?▼
Should I rely on this instead of a password manager?▼
Related tools
Bcrypt Hash Generator
Generate bcrypt password hashes (client-side).
HMAC Generator
Generate HMAC signatures with SHA-256, SHA-1, MD5.
AES Encryption
Encrypt and decrypt text with AES-256 in your browser.
2FA QR Code Generator
Generate TOTP/2FA QR codes for authenticator apps.
Caesar Cipher Encoder
Encode and decode Caesar cipher with custom shifts.
ROT13 Encoder
Encode and decode ROT13 text instantly.