Tool
How strong is it, really?
Most strength meters lie to flatter you. This one does the honest maths, and never sends a keystroke anywhere. Everything below happens in your browser.
🔒 Private, this never leaves your device. No network, no storage.
Each chunk a cracker sees becomes a branch. Random characters fan out, every branch is a guess it must try. A word, run or repeat collapses to a single trunk, because the cracker guesses the whole thing at once. That collapse is why “correcthorse” of common words can be weaker than five random characters.
Time to crack by guessing
Assumes an attacker who already has the hashed password and is guessing offline. Rates are deliberately generous to them.
Helping
Hurting
How this works (and why it's more honest than most)
Entropy is measured in bits: each bit doubles the number of guesses an attacker needs. A truly random 12-character password drawn from all keyboard characters is about 79 bits. But almost nobody types random characters, we type words, dates, patterns, and small substitutions, and an attacker's software knows that.
So this tool estimates two ways and shows you the weaker of them, which is the one that matters. The first is the naïve charset estimate (length × the size of the character pool). The second is pattern-aware: it looks for common passwords, dictionary words, keyboard runs, repeats, and date-like sequences, and discounts the score accordingly, because that is roughly what a real cracking rig does. When the two disagree, your password has structure an attacker can exploit.