Password Strength Checker

Password strength is measured in bits of entropy. Entropy = log2(possible characters ^ length). A 12-character password using uppercase, lowercase, digits, and symbols (95 chars): 12 × log2(95) = 78.8 bits. 80+ bits is considered strong.

Length is most important: 12+ characters minimum, 16+ recommended. Use a mix of uppercase, lowercase, numbers, and symbols. Avoid dictionary words, personal info, and common patterns (123456, qwerty). Passphrases like "correct-horse-battery-staple" are both strong and memorable.

At 10 billion guesses/second: 8 lowercase letters = 3 minutes. 8 mixed characters = 14 hours. 12 mixed characters = 2,000 years. 16 mixed characters = 1 billion years. The tool estimates crack time based on your password's entropy.

Top compromised passwords: 123456, password, 123456789, qwerty, abc123, 111111, password1, iloveyou, admin, welcome. These appear in every breach database. The tool checks your password against known compromised password lists.

Yes. A 4-word passphrase like "purple-mountain-sunset-river" has about 55 bits of entropy and is easy to remember. Adding numbers and symbols increases it further. Passphrases are longer, more memorable, and harder to crack than short complex passwords.