Tool — 100% Client-Side · Nothing Leaves Your Device

Password Strength Meter

Data breaches expose billions of passwords every year — then corporations sell them to each other and to data brokers. Check yours against the full breach database and find out how long it would realistically take an attacker to crack it.

Test Your Password

How strong is it, really?

Type or paste below. Analysis is instant. Nothing is transmitted — not even to us.

Enter a password to begin

How It Works

What the numbers actually mean

Entropy Score

Entropy measures unpredictability in bits. Calculated from length × log₂(character pool size). 60+ bits is the practical minimum against modern offline attacks. 80+ bits is strong.

Crack Time

Modelled against a 10 billion guess/second offline attack — a realistic GPU rig cracking an unsalted fast hash like MD5. Real times vary significantly based on how the site stores passwords.

Breach Check

Uses HaveIBeenPwned's k-anonymity API. Only the first 5 hex characters of your password's SHA-1 hash are sent. Your actual password never leaves your browser. The match is done locally.

Zero Transmission

By the way, all analysis runs in JavaScript inside your tab. There is no server receiving keystrokes. No analytics on what you type. Close the tab and it's gone. We built it this way intentionally.