No password upload
There is no strength-check API. All checks are small JavaScript functions in this page.
Measure length, character variety, and obvious predictable patterns. Analysis happens as you type and the value never leaves this browser tab.
This is an educational estimate, not a guarantee. The password is not compared against online breach databases.
There is no strength-check API. All checks are small JavaScript functions in this page.
Attack speed depends on the system and hashing method, so we show practical signals rather than a dramatic timer.
A strong-looking password can still be unsafe if it has been reused or exposed elsewhere.
This checker estimates the search space implied by length and character variety, then reduces the result when it finds common patterns. Real password cracking is more sophisticated and depends on how the service stores passwords.
Every additional independently selected character multiplies the possible combinations. A long random password is more dependable than a short password decorated to satisfy a policy.
A 30-character password leaked from one website can be tried directly at another. No local strength score can detect reuse.
A checker that sends input to a server could log it. This page works without a request, but generating new credentials inside your password manager remains safest.