Password Strength Checker

Check password strength, entropy, and common weaknesses. All checks run locally in your browser.

Strength Check

Password

Show Password

Entropy

Strength:

Estimated offline (high-speed GPU) cracking time

Estimated online (rate-limited) cracking time

Check Results

Length
Lowercase Letters
Uppercase Letters
Digits
Symbols
Sequence
Repeats
Blocklist
Keyboard Pattern
Date
Periodic

Policy Configuration

Minimum length

Require lowercase letters Require uppercase letters Require digits Require symbols Prohibit sequential sequences Prohibit long repetitions

Custom blacklist

Comma - separated, case - insensitive. Supports Leet normalization (e.g., Pa$$w0rd → password).

Optimization Suggestions

Privacy Notice: Detection is performed entirely locally in your browser, and passwords are not uploaded.

Usage Instructions

Analyze passwords locally and get actionable optimization suggestions.

1) Enter or paste a password; the results will update in real-time.

2) Adjust the policy (minimum length/character type requirements) as needed.

3) Add common weak words to the blocklist for better identification (supports Leet normalization).

4) Share policy settings using import/export.

Functional Features

100% local analysis, prioritizing privacy protection.
Advanced detection: keyboard patterns, dates, periodic repetitions, sequences, repetitions, etc.
Leet normalization for blacklist matching (e.g., Pa$$w0rd → password).
Flexible policies: minimum length and character type requirements.
One - click import/export of policy JSON.
One - click analysis in the detector

Password Comparison

Password A

Password B

Comparison result

Entropy (A): Entropy (B):

Frequently Asked Questions

Will my password be uploaded?

No. All analysis is performed only within your browser.

What does 'entropy' mean?

It roughly indicates how many attempts are needed to guess the password. The actual strength decreases when there are patterns.

Why did the score decrease?

Patterns such as sequences, dates, or keyboard patterns will reduce the strength.

Report

The report does not contain your password text, only metrics and settings.

Related Knowledge

Entropy

Entropy estimates the size of the search space based on the character set and length. If there is structure (patterns, words), the effective entropy will be lower even if the raw bits seem high.

Explanation of Detection Items

Sequential sequences, such as abcde or 12345.
Long repetitions of the same character (e.g., aaaa).
Matches common weak words/patterns in the custom blacklist.
Keyboard runs or adjacent key sequences (e.g., qwerty, asdf).
Date formats (e.g., YYYYMMDD, dd-mm-yyyy).
Repeating substrings (e.g., abcabc, 121212).
Perform Leet normalization before matching the blacklist (e.g., Pa$$w0rd → password).

Note on Cracking Time

Cracking time is only a rough estimate. Actual attacks use dictionaries, masks, and GPUs. Short and structurally obvious passwords are often much weaker than their apparent entropy.

Best Practices

Prioritize using long random passphrases (more than 4 words) or passwords generated by a password manager.
Avoid personal information, dates, and predictable structures.
Use a password manager and enable multi - factor authentication (MFA) whenever possible.
Do not reuse passwords; only change them when they are compromised.

How to Check Password Strength via Programming Languages

Here is a minimal example using well - established community libraries. You can choose according to your technology stack.

JavaScript

<!-- CDN -->
<script src="https://unpkg.com/[email protected]/dist/zxcvbn.js"></script>
<script>
  const res = zxcvbn('P@ssw0rd!');
  console.log(res.score, res.crack_times_display);
</script>

Node.js

// npm i @zxcvbn-ts/core
import { zxcvbn } from '@zxcvbn-ts/core';

const result = zxcvbn('P@ssw0rd!');
console.log(result.score, result.guesses_log10);

PHP

composer require bjeavons/zxcvbn-php

<?php
require __DIR__ . '/vendor/autoload.php';

use ZxcvbnPhp\\Zxcvbn;

$zxcvbn = new Zxcvbn();
$res = $zxcvbn->passwordStrength('P@ssw0rd!');
echo $res['score'];

Python

pip install zxcvbn

from zxcvbn import zxcvbn

res = zxcvbn('P@ssw0rd!')
print(res['score'], res['crack_times_display'])

go get github.com/nbutton23/zxcvbn-go

package main

import (
  "fmt"
  zxcvbn "github.com/nbutton23/zxcvbn-go"
)

func main() {
  res := zxcvbn.PasswordStrength("P@ssw0rd!", nil)
  fmt.Println(res.Score, res.Guesses)
}

Rust

# Add dependency
cargo add zxcvbn

use zxcvbn::zxcvbn;

fn main() {
    match zxcvbn("P@ssw0rd!", &[]) {
        Ok(estimate) => {
            println!("score: {}", estimate.score()); // 0..4
            if let Some(times) = estimate.crack_times() {
                println!("offline: {:?}", times.offline_slow_hashing_1e4_per_second());
            }
        }
        Err(err) => eprintln!("zxcvbn error: {err}"),
    }
}

Note: These libraries provide strength and pattern estimations, which may slightly differ from the detection items on this page.