Password Strength Calculator
Password strength depends on length, character variety, and unpredictability. This calculator analyzes entropy (randomness) and estimates how long a password would take to crack using modern hardware. It runs entirely in your browser — no password data is transmitted anywhere.
Analyze Password Strength
This calculator estimates theoretical strength based on character-set entropy. Real-world attacks also use dictionary words, common substitutions (@ for a, 3 for e), keyboard patterns, and known breach databases. A password that appears strong by entropy alone may still be vulnerable if it follows common patterns. Use a password manager to generate truly random passwords. This tool runs entirely in your browser — your password is never transmitted.
Understanding Password Entropy
Entropy measures randomness in bits. Each bit of entropy doubles the number of possible combinations an attacker must try. The formula is:
Entropy = log2(charset_size ^ length)
| Character Set | Pool Size | Entropy per Character |
|---|---|---|
| Digits only (0-9) | 10 | 3.32 bits |
| Lowercase letters (a-z) | 26 | 4.70 bits |
| Lowercase + digits | 36 | 5.17 bits |
| Mixed case letters | 52 | 5.70 bits |
| Mixed case + digits | 62 | 5.95 bits |
| All printable ASCII | 95 | 6.57 bits |
Password Strength Guidelines
| Entropy (bits) | Rating | Typical Crack Time (offline, fast hash) |
|---|---|---|
| < 28 | Very weak | Instant to seconds |
| 28 – 40 | Weak | Seconds to minutes |
| 40 – 60 | Moderate | Hours to weeks |
| 60 – 80 | Strong | Years to centuries |
| 80 – 100 | Very strong | Millions of years |
| > 100 | Exceptional | Beyond computational feasibility |
Frequently Asked Questions
Is a longer password always better?
Yes, length is the single most important factor. A 20-character lowercase password has more entropy (94 bits) than an 8-character password using all character types (52 bits). Passphrases of 4-6 random words (e.g., "correct horse battery staple") are both strong and memorable.
Should I use special characters?
Special characters increase the character pool and add entropy per character, but length matters more. Adding one special character to an 8-character password adds about 5 bits of entropy. Adding 4 more lowercase letters adds about 19 bits. Both help, but length wins.
What is the best password strategy?
Use a password manager to generate unique, random passwords of 16+ characters for every account. Use a memorable passphrase (4+ random words) for the password manager's master password. Enable multi-factor authentication (MFA) on all accounts that support it. Never reuse passwords.