Password Strength Checker

Test how strong a password is, see its entropy and estimated crack time, and get plain-English weaknesses — all in your browser.

The Password Strength Checker analyzes your password entirely in your browser. Whatever you type into the field stays on your device — it is never uploaded, logged, or sent to ArrayKit.

Open the Password Generator

About Password Strength Checker

The Password Strength Checker measures how hard a password would be to guess and explains why. Type or paste one and it computes a 0-4 strength score, estimated entropy in bits, and a rough offline crack time, then breaks down which character classes you used — lowercase, uppercase, digits, and symbols. It also flags concrete weaknesses: passwords that are too short, use only one character type, match a very common or breached password, or contain repeated characters, sequential runs like abcd, or keyboard walks like qwerty. A masked field with a reveal toggle keeps your password hidden while you work. It is built for anyone hardening an account or a signup form. Every calculation runs on your device — the password never leaves the browser.

Features

How to use the Password Strength Checker

  1. Type or paste the password into the masked field
  2. Read the strength score, entropy in bits, and estimated crack time
  3. Use Reveal to confirm you typed the password correctly
  4. Fix each weakness listed under "What we found" and re-check

Example

Input

password

Output

Score 0 / Very weak · flagged: very common password · crack time: instantly

"password" is on every breach list, so it falls to a dictionary attack immediately.

Common errors & troubleshooting

Frequently asked questions

How does the Password Strength Checker score a password?
It combines the estimated entropy from your password's length and character pool with penalties for structural weaknesses — common passwords, single character classes, repeats, sequences, and keyboard walks — to produce a 0-4 score and a one-word verdict.
What does the entropy in bits actually mean here?
Entropy in bits is roughly log2 of the number of guesses needed to brute-force the password: length times log2 of the character pool. More bits means exponentially more possibilities, so 60+ bits is meaningfully stronger than 30.
How is the crack-time estimate calculated?
It divides the average number of guesses (half the search space implied by the entropy) by an assumed attacker speed of about 10 billion guesses per second, then rounds to a readable unit like hours, years, or centuries.
Which weak patterns does this password checker detect?
It flags passwords that are too short, use only one character type, match a small embedded list of very common passwords, or contain repeated runs, ascending or descending sequences like abcd, and straight keyboard walks like qwerty or asdf.
Is it safe to type a real password into this checker?
The analysis happens entirely in your browser and the password is never sent anywhere, so it is safe to test. Still, as a general habit, avoid pasting a live production password into any web page you do not fully trust.
Does a high score here guarantee my account is secure?
No. A strong score means the password itself is hard to guess, but account security also depends on unique passwords per site, breach exposure, and two-factor authentication. Treat the score as guidance, not a guarantee.

Related tools

All ArrayKit tools