Password Entropy Checker

Test your passwords against advanced dictionaries and brute-force models instantly and securely in your browser.

Evaluate password strength and crack time using local zxcvbn logic.

A robust, entirely local password strength and entropy evaluator. Powered by the open-source zxcvbn library, it gives you hyper-accurate estimates on how long your password would take to crack via offline and online attacks without ever sending your keystrokes to a server.

How this page is maintained

  • Steps and copy are checked against the current tool behavior.
  • Browser limits, file-size constraints, or compatibility gaps are documented when relevant.
  • Unless a page explicitly says otherwise, files and text stay in the browser during processing.

The Illusion of "Strong" Passwords

For decades, we were told that P@$w0rd1! was a highly secure password because it satisfied the arbitrary rules of "one uppercase, one number, one symbol."

In reality, modern offline cracking rigs, firing off tens of billions of SHA-256 hashes per second, will shatter that password in milliseconds. They use massive dictionaries, combined with rulesets that automatically transpose a to @ and s to $.

Enter zxcvbn

Our Password Entropy Checker utilizes zxcvbn, an advanced password strength estimator originally developed by Dropbox. Rather than just checking off arbitrary boxes for symbols, it evaluates your password against:

  1. Massive Dictionaries: It cross-references top 100k common passwords, English words, common names, and popular TV shows.
  2. Predictable Patterns: It detects keyboard walks (like qwerty or asdfg), sequential data (123456), and repeated characters (aaaaa).
  3. L33t Speak: It understands that you replaced an o with a 0.

Complete Privacy

We built this implementation to run purely in your front-end browser DOM. You can literally disconnect from the Wi-Fi, refresh the page from cache, type your variations, and it will still work precisely. Protect your accounts using accurate mathematics, not arbitrary rules.

Key features

  • True Local Evaluation: Never type a real password into a server-backed web form. This tool processes every keystroke locally via WebAssembly.
  • Dropbox zxcvbn Engine: Utilizes the industry-standard algorithm used by major tech companies to detect common words, names, and predictable patterns.
  • Crack Time Estimates: Provides sobering, realistic timeframes for dedicated offline fast-hashing servers vs. online throttled attacks.
  • Actionable Suggestions: Not just a generic "Weak" or "Strong" meter—receive intelligent suggestions on how to mutate your password to defeat dictionaries.

Frequently asked questions

Is it safe to type my actual master password here?

While this tool operates 100% locally and your keystrokes never leave your browser, as a strict security rule, you should never type your actual master password into ANY browser website out of an abundance of caution against malware or rogue browser extensions.

What is entropy?

Entropy is a measure of unpredictability. In passwords, it's measured in bits. A 60-bit password is substantially harder to crack than a 40-bit one, regardless of length.

Why does adding a number at the end not help much?

Modern cracking tools know human psychology. They automatically test adding "1", "123", or "!" to the end of dictionary words. The zxcvbn engine accurately detects and penalizes this predictable behavior.

Browse the full tool directory