Diagnostic suite · live

Password Strength Tester

Entropy, crack time, and a privacy-preserving breach check via Have I Been Pwned (only the first 5 chars of the SHA-1 hash leave your browser).

About the Password Strength Tester

The Password Strength Tester analyzes any password for entropy (measured in bits), estimates how long it would take to crack via brute-force at modern hardware speeds, and (optionally) checks whether the password has appeared in a known data breach — using the Have I Been Pwned k-anonymity API, which reveals only the first 5 characters of the password's SHA-1 hash. Your actual password never leaves your device.

Password strength is more nuanced than 'has uppercase + digit + symbol'. A password like `P@ssw0rd1` looks complex by that rule but is one of the most guessed strings on earth. Real strength comes from length, unpredictability and absence from breach corpora. This tool measures all three and gives you a straight answer.

Use it to vet new passwords before committing them to a password manager, to check whether a candidate for a shared secret has been leaked, to test your organization's password policy's real-world effectiveness, or to educate users about why long random passwords beat short 'complex' ones. Combine with the Password Generator for a full generate-then-verify workflow.

How to use this tool

  1. 1Enter the required value in the input field above (domain, IP, URL, or text depending on the tool).
  2. 2Click the action button to run the check — results are computed instantly from our edge network.
  3. 3Review the parsed output, key fields and any warnings shown in the result card.
  4. 4Copy the result, share the page URL, or jump to a related tool from the sidebar to continue debugging.

Key features

  • Entropy in bits with realistic crack-time estimate
  • Common-pattern detection (dates, keyboard walks, dictionary words)
  • Have I Been Pwned check via k-anonymity
  • Password never leaves your device
Related searches: password strength checker · password entropy calculator · hibp password check · have i been pwned · password crack time · secure password test

Frequently asked questions

It combines Shannon entropy (based on the character set and length), penalties for common patterns (words, dates, keyboard walks) and a breach-corpus check. The final score reflects how quickly a real attacker could crack the password.