All tools
Security tools

Password Strength Checker

Get an instant score, a brute-force crack-time estimate and specific tips to make your password stronger — all in one click.

Get started free Sign in

Free · No credit card · 50 credits/day

How the score is calculated

A 0–100 score built from three independent signals.

Length

+40 pts

The single most impactful factor. Points scale with length: 6+ chars (+10), 8+ (+10), 12+ (+10), 16+ (+10). Every extra character multiplies the possible combinations exponentially.

Character variety

+40 pts

Uppercase (+10), lowercase (+10), digits (+10) and symbols (+10). Each type widens the character set — from 26 (lowercase only) to 94+ (all four types).

Pattern penalties

−20 pts

Repeated characters like "aaa" (−10) and sequential runs like "123" or "abc" (−10) are detected automatically, because attackers try these patterns first.

Complexity bonus

+20 pts

Extra points for 12+ characters combined with digits and symbols (+10), and another +10 for passwords of 20 characters or more — recognising truly strong passwords.

What does each rating mean?

Five bands from Very Weak to Very Strong.

Very Weak
Score 0–19

Crackable in seconds or less. Too short, no variety, or common pattern detected.

Weak
Score 20–39

Still vulnerable to dictionary or fast brute-force attacks. Needs more length or variety.

Fair
Score 40–59

Adequate for low-stakes accounts, but not recommended for email, banking or work logins.

Strong
Score 60–79

Good password. Resistant to brute-force; would take years to crack at 10B guesses/sec.

Very Strong
Score 80–100

Excellent. Centuries or more to crack. Use this level for all sensitive accounts.

What makes or breaks a password

16+ characters — the most impactful single change. Moves the crack-time estimate from hours to billions of years.

All four character types — uppercase, lowercase, digits and symbols together raise the charset from 26 to 94, multiplying combinations 3× per character.

Random-looking sequence — no real words, names, dates or keyboard walks. Our generator uses CSPRNG so there are no detectable patterns.

Sequential runs like 123, abc or qwerty — first things every cracking tool tries.

Repeated characters like aaa or 111 — reduces effective entropy even in long passwords.

Personal information — birthdays, names, pet names and addresses are trivially guessable via targeted attacks or data you've shared publicly.

Frequently asked questions

How does the password strength checker work?

It scores your password across length (up to 40 points), character variety — uppercase, lowercase, numbers and symbols (up to 40 points) — and applies penalties for repeated characters or sequential patterns. It then estimates crack time assuming a brute-force attacker at 10 billion guesses per second.

Is my password sent to your servers?

Yes, the analysis runs server-side over HTTPS, but your password is never stored, logged or retained in any way. It is discarded immediately after the score is returned to your browser.

What score should I aim for?

Aim for 80 or above (rated Strong or Very Strong). That typically means at least 16 characters with uppercase, lowercase, numbers and symbols, and no repeated or sequential patterns.

What is crack time and how is it calculated?

Crack time is how long a brute-force attack would need to exhaust every possible combination for your password, modelled at 10 billion guesses per second — representative of a modern GPU cluster. The formula is: (charset size ^ password length) / 10,000,000,000.

Related security tools

Generate and protect your passwords with these tools.

Password Generator

Generate cryptographically secure random passwords with custom length and charset.

Hash Generator

Generate MD5, SHA-256 and SHA-512 hashes from any text or file.

Bcrypt Generator

Hash and verify passwords with bcrypt — choose the cost factor.

Ready to check your password?

Free account. 50 credits per day. Access to 75+ tools instantly.

Create free account →