Qepto Tools logoQepto ToolsFree online calculators
All generators

Security

Password Strength Checker

Enter any password to see a detailed strength analysis including entropy, estimated crack time at modern attack speeds, and specific weaknesses to address.

Password to check

Generated output

Enter a password to see the strength analysis.

How it works

Entropy is calculated as log₂(C^L), where C is the effective character set size (determined by which character classes are present) and L is the password length. This gives the theoretical number of guesses needed to exhaust all possibilities by brute force.

Crack time is estimated at 10 billion guesses per second — a realistic figure for a dedicated offline attack using modern GPU hardware. Patterns such as dictionary words, keyboard walks (qwerty, 12345), and repeated characters are flagged as weaknesses since attackers apply these rules before brute-forcing.

Practical example

The password "password123" has an entropy of about 58 bits using only lowercase + digits. However, it contains a common dictionary word and a sequential number suffix — both are in every attack dictionary, meaning the real-world crack time is seconds, not billions of years.

A randomly generated password like "kR7#mP2@wQ9!" uses all character classes at 12 characters — about 79 bits of entropy. Estimated crack time at 10B guesses/sec: over 1 million years.

Frequently asked questions

Answers to common questions about this generator and how it works.

Is my password stored or transmitted?

No. The analysis runs entirely in your browser using JavaScript. Nothing you enter is sent to any server.

Why does a long simple password sometimes score better than a short complex one?

Because length increases entropy exponentially. A 20-character lowercase password has more theoretical combinations than an 8-character password using all character sets. Length is the most important factor.

What does the crack time estimate assume?

It assumes an offline attack at 10 billion guesses per second — a conservative estimate for a well-resourced attacker with the hashed password. Online attacks against login forms are rate-limited and far slower.

Should I use this tool to check passwords I actually use?

For maximum caution, avoid entering real passwords into any online tool. Use it to test the structure of a password type rather than an actual credential.

What makes a pattern weak even with high entropy?

Attackers use rule-based attacks before brute force — applying common substitutions (@ for a, 3 for e), appending numbers, and trying dictionary words with modifications. A password matching these patterns is cracked far faster than its raw entropy suggests.

Related generators

Explore other generators that pair well with this one.

Password Generator

Generate strong, unique passwords with custom length and character sets.

Passphrase Generator

Generate secure, memorable word-based passphrases with custom word count and separator.

Token Generator

Generate secure API tokens, keys, and random secrets in hex or base64 format.

Qepto Tools

Free online calculators and generators for finance, health, dates, and everyday life. Fast results, no sign-up required.

Whether you need to estimate a loan payment, check your BMI, generate a secure password, or create a UUID — we have a tool for that. New tools are added regularly based on user requests.

Company

Legal

Disclaimer

All calculators provide approximate results for informational purposes only. Generators produce random output using your browser's cryptographic API — results are not stored or transmitted. Qepto Tools is not responsible for decisions or damages arising from use of any tool. Always verify important figures with a qualified professional.

We use cookies for analytics and advertising. See our Cookie Policy for details.