🛝Toolio
All tools

🔒 Password Strength Meter

Type a password and instantly see how strong it really is — entropy in bits, estimated crack time, a color strength bar, and specific tips to make it harder to guess. Nothing you type is ever sent anywhere.

Password
🔒 Checked entirely in your browser — nothing is sent anywhere.

    About

    The Password Strength Meter calculates entropy by analyzing the character set your password draws from — lowercase, uppercase, digits, and symbols — then multiplying by the logarithm of its length. That entropy figure, measured in bits, tells you how many guesses a brute-force attacker would need on average. The tool converts that into a human-readable crack-time estimate (from milliseconds to centuries) assuming a fast offline attack at one billion guesses per second. A color-coded bar (red → orange → yellow → green) gives an at-a-glance rating, and a checklist of improvement tips appears for any weakness detected. All processing runs in your browser via JavaScript; your password is never stored, logged, or transmitted.

    How to use

    1. Type or paste your password into the input field — the meter updates in real time as you type.
    2. Read the entropy value in bits: higher is stronger. Aim for at least 60 bits for everyday accounts, 80+ for sensitive ones.
    3. Check the color strength bar — red means weak, orange is fair, yellow is good, and green means strong.
    4. Review the estimated time to crack — this shows how long a fast brute-force attack would take to guess your password.
    5. Follow the improvement tips shown below the bar — they tell you exactly what to add (length, symbols, mixed case) to reach a stronger score.

    FAQ

    Is my password sent to a server?
    No. All analysis runs entirely in your browser via JavaScript. Your password never leaves your device and is never stored or logged.
    What does entropy in bits actually mean?
    Entropy measures unpredictability. Each extra bit doubles the number of guesses an attacker needs. 40 bits = ~1 trillion guesses; 60 bits = ~1 quintillion guesses. More bits = exponentially harder to crack.
    How is the crack time estimated?
    The tool assumes a fast offline brute-force attack at one billion (10⁹) guesses per second — the speed of a modern GPU cracking a leaked hash. Total guesses = 2^entropy; crack time = total guesses ÷ speed.
    What makes a password strong?
    Length matters most. A 16-character password using letters and numbers is far stronger than an 8-character password with symbols. Mix uppercase, lowercase, digits, and symbols, and avoid dictionary words or predictable patterns.
    Should I use this tool to test my real passwords?
    Yes — because everything runs locally in your browser and nothing is transmitted, it is safe to type your real password here. That said, a best practice is to test similar passwords to understand the pattern rather than your exact credential.