← All tools
// Security

Password Strength Checker online

Check password strength — entropy, crack time estimate, and tips

Password Strength Checker logo
by
CHUNKY
MUNSTER
⚠ Your password is never sent anywhere — all checking happens locally in your browser.

How to Use the Password Strength Checker

  1. Paste or enter your input into the text field.
  2. Configure any options (format, delimiter, encoding, or mode) using the controls above the output.
  3. The result updates instantly — no submit button required for most operations.
  4. Click Copy or Download to take the output to your next step.

A password's real strength is its entropy in bits — a measure of how many guesses an attacker would need to find it. This calculator detects which character classes you used, multiplies the resulting alphabet size by your password length, and converts the result into a rough crack time at 10 billion guesses per second.

How the Password Strength Checker Works

The math here measures the structural strength of a randomly chosen password from the same alphabet — it cannot detect dictionary words, keyboard walks, or passwords that have appeared in breaches. Treat the score as an upper bound: a 70-bit "strong" rating means little if the password is "Summer2026!". Use it to size new passwords, not to bless old ones.

Frequently Asked Questions

How is the entropy calculated?

Entropy is computed as length × log2(charset size), where charset size adds 26 for lowercase, 26 for uppercase, 10 for digits, and 32 for symbols. It assumes an attacker knows your character set but not your specific password.

Why is the crack-time estimate so different from other sites?

This tool uses a fixed assumption of 10 billion guesses per second — roughly the speed of an offline GPU attack on a fast hash like NTLM. Slow hashes (bcrypt, Argon2) would take years longer; reused or breached passwords are cracked instantly regardless of entropy.

Is a 12-character password really enough in 2026?

Twelve random characters across all four classes give about 78 bits of entropy, which is well beyond practical brute force today. Length matters far more than complexity — a 16-character passphrase is stronger than an 8-character "P@ssw0rd!".

Does this tool check against breach lists?

No. It only measures structural strength. A perfectly random-looking password that has appeared in a public breach is worthless — pair this checker with a "have I been pwned" lookup before reusing anything.

Explore the full suite of Security tools and 290+ other free utilities at Chunky Munster.