Mello
Security

Password Strength Checker

See how long it would take to crack a password — never sent over the network.

Heuristic estimate only. Real-world crack time depends on the attacker's hardware and whether the password appears in breach datasets. A 'strong' rating is not a guarantee.

Runs in your browserNo account requiredNo uploadFree
Loading tool…

About Password Strength Checker

Password Strength Checker estimates how strong a password is by measuring its entropy — roughly, how many possible passwords an attacker would have to try by brute force — and translating that into a 'time to crack' against modern hardware. It is the right gut-check before reusing a password, picking one for a new account, or judging whether a site's password rules are actually accomplishing anything.

Worked example: 'password123' rates as weak — low entropy, easy to crack. 'Tr0ub4dor&3' rates moderate. 'correct-horse-battery-staple' — four common words joined — rates strong, with a brute-force crack time measured in centuries on consumer GPUs. The checker shows three things: a strength label (Very weak / Weak / Decent / Strong / Excellent), the estimated entropy in bits, and an estimated crack time against an offline GPU attack (around 10 billion guesses per second).

Two important caveats. The estimate is heuristic and length-and-character-class based: it computes entropy as length × log2(alphabet size), where the alphabet expands when the password uses lowercase, uppercase, digits, or symbols. It does NOT detect dictionary words, common substitutions ('p4ssw0rd'), keyboard walks ('qwerty'), or whether your password appears in a real-world breach dataset — all of which can make a 'strong'-looking password actually weak. For breach lookups, use haveihbeenpwned or your password manager's audit feature. The crack-time figure also assumes an unsalted hash and a serious GPU attacker; a properly salted, key-stretched password (PBKDF2 / bcrypt / scrypt / Argon2) is much harder to attack.

All evaluation runs locally in your browser. The password you type is never sent over the network, logged, or stored — close the tab and it is gone.

Frequently asked questions

No. The strength check runs entirely in your browser; nothing is uploaded, logged, or stored.

More security tools

Password Generator
Generate secure random passwords — cryptographically random, never leaves your browser.
Security
Hash Generator (MD5, SHA-1, SHA-256, SHA-512)
Hash any text with MD5, SHA-1, SHA-256, or SHA-512 — all in your browser.
Security