Password Strength Checker

Verify your credential security score instantly offline. Calculate entropy metrics, crack times, and generate strong cryptographically secure passwords.

Verify Password Strength

Enter Password

Strength Rating Too Short

Entropy Score

0 bits

Crack Time Estimate

Instant

Security Checklist

✓ At least 12 characters long

✓ Contains uppercase letters

✓ Contains lowercase letters

✓ Contains numbers

✓ Contains special symbols

Generate Secure Password

Generated Password

Password Length

Include Characters

Uppercase (A-Z) Lowercase (a-z) Numbers (0-9) Symbols (!@#$%^&*) Exclude Similar (i, l, 1, o, 0)

Understanding Password Security and Entropy

**Shannon Entropy** is a mathematical metric that measures the randomness and unpredictability of a password based on its character set pool and length. Calculated in bits, higher entropy score mappings represent a much wider range of possible permutations, making brute-force dictionary attack scripts exponentially more difficult and time-consuming to execute. For maximum security, aiming for an entropy level of **65 to 80 bits** or higher is highly recommended.

This strength checker computes entropy scores and estimates cracking times based on offline computing networks guessing **100 billion passwords per second**. Because all logic executes local script blocks inside your browser, no strings are sent over standard networks, keeping your credentials fully secure and private.

Frequently Asked Questions (FAQ)

What is a strong password entropy rating?

Passwords with entropy below 50 bits are considered weak and easily crackable. A rating between 50 and 64 bits provides medium security. Passwords containing 65 to 80 bits of entropy are considered strong, while scores exceeding 80 bits are extremely secure and practically uncrackable using modern brute-force hardware.

How does character diversity increase entropy?

Adding numbers, capital letters, and symbols increases the size of the "character pool" (from 26 letters to 94 possible characters). When combined with a long character length (e.g. 14+ characters), this pool expansion multiplies the search space exponentially, making guessing attacks mathematically unfeasible.

Is the generated password truly random?

Yes. The password generator leverages the browser's native `window.crypto.getRandomValues()` method. Unlike standard pseudo-random functions like `Math.random()`, this browser API delivers cryptographically secure random integers, ensuring that the generated keys are completely unpredictable.