// strength & breach analysis

Real-time entropy, crack-time estimates and pattern detection. HIBP breach check uses k-anonymity — only the first 5 characters of a SHA-1 hash are ever sent. Your password never leaves this page.

Password Strength Analyzer & Checker

password 0 chars

awaiting input —

metrics

entropy

—

bits

length

—

characters

charset size

—

possible symbols

combinations

—

possible

estimated crack time — brute force

Online attack (throttled — 100/hr)	—
Online attack (unthrottled — 10/s)	—
Offline — slow hash (bcrypt, 10K/s)	—
Offline — fast hash (MD5 GPU, 10B/s)	—

character classes

lowercase (a–z)

uppercase (A–Z)

digits (0–9)

symbols (!@#…)

spaces

extended unicode

pattern analysis

[i]Enter a password to detect patterns.

breach database check haveibeenpwned.com

awaiting check…

[k-anonymity] Only the first 5 hex characters of a SHA-1 hash are sent to HIBP. The full hash — and your password — never leave your browser.

suggestions

[→]Enter a password to get personalized recommendations.