Is it safe to type my real password here?

Yes. Analysis happens entirely in your browser using JavaScript. The password is never sent to any server or stored anywhere.

What is password entropy?

Entropy (measured in bits) quantifies how unpredictable a password is. Higher entropy means more possible values an attacker must try. A 60-bit entropy password is far stronger than a 30-bit one.

How are crack times estimated?

Crack times are estimated based on the password's entropy and character space against various attack rates: offline fast hash attacks (billions of guesses per second), online throttled attacks, and dictionary attacks.

Best Free Online Password Strength Checker

Knowing how strong a password actually is — beyond a simple "weak/medium/strong" bar — requires quantitative analysis of entropy, character space, and resistance to common attack techniques. devtoolkit.sh's Password Strength Checker provides a detailed analysis of any password you enter. It calculates Shannon entropy (in bits), estimates crack time using a variety of attack scenarios (brute-force at different speeds, dictionary attack, hybrid attack), checks against a list of the most common passwords and patterns, identifies character class diversity, and detects common weaknesses like keyboard walks (qwerty, 12345), repeated characters, and dictionary words. The strength rating is based on the estimated crack time rather than arbitrary rules, giving you a realistic picture of the password's security. Critically, the password is analysed entirely in your browser — it is never transmitted to any server or stored anywhere. This makes it the right tool to use when verifying passwords for your most sensitive accounts, with the confidence that entering the password here does not constitute a security risk.

Password

FAQ

Is it safe to type my real password here?: Yes. Analysis happens entirely in your browser using JavaScript. The password is never sent to any server or stored anywhere.
What is password entropy?: Entropy (measured in bits) quantifies how unpredictable a password is. Higher entropy means more possible values an attacker must try. A 60-bit entropy password is far stronger than a 30-bit one.
How are crack times estimated?: Crack times are estimated based on the password's entropy and character space against various attack rates: offline fast hash attacks (billions of guesses per second), online throttled attacks, and dictionary attacks.