Password Strength Checker - Free Online Tool

How This Tool Works

The Password Strength Checker evaluates how resistant a password is to brute-force and dictionary attacks. It estimates the number of possible combinations (entropy), the time to crack at typical attack speeds, and identifies specific weaknesses: common patterns like 'password123', keyboard walks like 'qwerty', dictionary words, and predictable substitutions like 3→E or 0→O. A strong password is long (12+ characters), uses all character types, and is not based on any dictionary word, name, or predictable pattern.

How to Use

Type or paste a password in field A.
Click Run. The result shows a strength rating and specific weaknesses found.
Aim for at least 'Strong' — the combination of length and character variety matters most.
Never type your actual live passwords into any online tool — use this for testing new candidates only.

Common Questions

What makes a password strong?

Length is the biggest factor. A random 16-character password of any characters is much stronger than a complex 8-character password. Use a combination of uppercase, lowercase, digits, and symbols. Avoid any word found in a dictionary, any part of your name or email, and any repeated pattern.

Why is 'P@ssw0rd' considered weak?

Common substitutions (a→@, o→0, e→3) are known to attackers. Cracking tools try these patterns automatically. A password that was a word before substitution is still a dictionary word in terms of crack resistance.

What is a passphrase and is it stronger?

A passphrase is a sequence of random words: 'correct horse battery staple'. At 4 random words, this has more entropy than most 8-character passwords and is far easier to memorize. NIST SP 800-63B recommends passphrases over complex short passwords.

Read the full guide →