Password Strength Checker
Estimate password entropy and crack time. Built for educational illustration; do not enter real passwords here.
What is Password Strength Checker?
The password strength checker estimates password entropy (the number of bits of randomness) and brute-force crack time. Useful for education — don't enter actual passwords here.
Formula
Entropy = length × log₂(character set size). Crack time at N guesses/sec = (combinations / 2) / N.
Worked example
"P@ssw0rd!" length 9 with all character types: ~57 bits entropy. Crackable in days with offline computing.
How to use this calculator
- Enter password length and which character classes you would use.
- The calculator returns entropy bits, combinations, and crack-time estimates.
Frequently asked questions
What is good entropy?
56 bits is the minimum for serious online accounts. 80+ is strong. 128+ bits is very strong (essentially uncrackable). Aim for 64+ bits on important accounts.
Should I include symbols?
Yes — symbols (32 common chars) push entropy higher than length alone for the same character count. But length matters more than character variety.
Are passphrases stronger?
Often yes. A 4-word random passphrase from a 7,776-word dictionary has 4 × log₂(7776) ≈ 51 bits entropy and is much easier to remember.
Why do crack times include online vs offline?
Online attacks (against a login form) are throttled — typically 1,000 attempts/sec. Offline attacks (after stealing a hashed password) are limited only by hardware — modern GPUs do billions/sec. Account takeover rarely uses online brute force.