DNS Checker.eu

Password Strength Checker

Test how strong a password is with live entropy and crack-time estimates, computed entirely in your browser so the password you type is never sent anywhere.

How strong is your password?

The check runs entirely in your browser - nothing you type is sent, stored or logged.

About Password Strength Checker

The Password Strength Checker measures how resistant a password is to guessing and cracking. As you type, it estimates the password's entropy in bits, assigns a strength label from very weak to very strong, and models how long the password would survive a real attack. Every calculation happens on your device, so the value you enter is never transmitted, stored, or logged.

Entropy is the core metric: it is roughly the length of the password multiplied by the log base 2 of the character pool it draws from. Adding lowercase letters, uppercase letters, digits, and symbols widens that pool, but length has the larger effect because it multiplies entropy for every single character. That is why a long passphrase almost always outscores a short string padded with special characters.

Raw math alone overstates security, so the checker also looks for predictable patterns and discounts them. It flags passwords found in leaked-credential lists, embedded dictionary words, repeated runs such as aaa or 111, keyboard and sequential patterns like 1234, qwerty and azerty, appended years, and the very common Capital-letter-plus-word-plus-digits shape. Attackers try exactly these first, so each one lowers the effective strength.

Two crack-time scenarios put the entropy in context: a fast offline attack at ten billion guesses per second, typical of a GPU rig working from a stolen hash, and a throttled online attack at a thousand guesses per second against a live login. Because the tool is a client-side page served from EU infrastructure with no trackers, you can safely evaluate a real password and act on the guidance without it ever leaving the browser.

How to use it

  1. 1Type or paste the password into the field, and use the Show or Hide button to toggle visibility.
  2. 2Read the strength label and the entropy estimate in bits, both of which update live as you type.
  3. 3Compare the two crack-time figures for the offline GPU scenario and the throttled online scenario.
  4. 4Review any warnings about common words, sequences, years, or predictable shapes and revise the password.
  5. 5For the best result, use a long, unique passphrase and store it in a password manager.

Common use cases

  • -Choosing a stronger master password or passphrase for a password manager or email account.
  • -Demonstrating to a team why weak or reused passwords fail so quickly under attack.
  • -Letting developers sanity-check password rules without ever exposing a real secret to a server.
  • -Verifying that a randomly generated password is genuinely strong before saving it.

Frequently asked questions

Is it safe to type my real password into this checker?
Yes. The tool runs entirely in your browser and analyses the password locally. Nothing you type is transmitted, stored, or logged, so no server ever sees the value.
What does password entropy mean?
Entropy measures a password's unpredictability in bits. Each additional bit doubles the number of guesses an attacker needs. As a rough guide, under 30 bits is very weak and 80 bits or more is very strong.
How is the crack time estimated?
It divides the average number of guesses required, about 2 to the power of the entropy divided by two, by an assumed attack speed: ten billion guesses per second for an offline GPU rig, or one thousand per second for a throttled online login.
Why does adding length help more than adding symbols?
Length multiplies entropy for every character in the password, while adding a symbol only widens the per-character pool once. A longer passphrase therefore beats a short password full of special characters.
Does a 'very strong' rating mean the password is safe to reuse?
No. Strength only reflects how hard a password is to guess. A reused password is still exposed by any data breach of a site that stored it, so every account needs its own unique password.