Password Strength Analyzer
Analyze password strength, entropy, estimated crack time, and get improvement suggestions.
Frequently Asked Questions
How is password strength calculated?
Password strength is calculated using Shannon entropy, which measures the randomness of the password based on the size of the character pool used (lowercase, uppercase, digits, symbols) and the password length. Higher entropy means more possible combinations and stronger security.
What is entropy in password security?
Entropy is measured in bits and represents the number of possible combinations an attacker would need to try. A password with 40 bits of entropy has 2^40 (about 1 trillion) possible combinations. Generally, 60+ bits is considered strong and 80+ bits is very strong.
How is crack time estimated?
Crack time is estimated assuming an attacker can try 10 billion passwords per second (a high-end GPU cluster). The total combinations (2^entropy) are divided by this rate to get the estimated time. Real-world times may vary based on the attacker's resources and hashing algorithm used.
Is my password sent to a server?
No. All analysis happens entirely in your browser using JavaScript. Your password never leaves your device and is not stored or transmitted anywhere.
What makes a strong password?
A strong password is long (12+ characters), uses a mix of uppercase and lowercase letters, digits, and special characters, and avoids common words, patterns, or personal information. Using a passphrase of random words can also create strong, memorable passwords.