Password Strength Meter

Runs in browser

Test how strong your password is — entropy, crack time estimate, and a detailed requirements checklist.

Last updated 08 Apr 2026

Check password strength instantly. Calculates Shannon entropy, estimates brute-force crack time at 10 billion guesses/second, and runs 9 checks: length, character diversity, common passwords, repeating characters, and sequential patterns. Runs entirely in your browser.

Your password never leaves your browser. All analysis runs locally.

How to use

  1. Enter a password
     Type or paste the password you want to test into the input field. Use the Show/Hide button to toggle visibility.

  2. View the strength score
     The strength bar updates in real time, showing a score from Very Weak to Very Strong with a color indicator.

  3. Check the crack time
     See how long it would take to brute-force the password at 10 billion guesses per second.

  4. Review the checklist
     Go through the 9-point requirements checklist to see which criteria your password meets and which it misses.

Frequently asked questions

Is my password sent to a server?
No. All analysis runs locally in your browser using JavaScript. No network requests are made — your password never leaves your device.
How is entropy calculated?
Entropy is calculated as password length multiplied by log2 of the character pool size. The pool includes lowercase (26), uppercase (26), digits (10), and special characters (33) — only the character classes actually used in the password count.
What does the crack time assume?
The crack time estimate assumes a brute-force attack at 10 billion guesses per second, which represents a modern GPU cluster. Real-world attacks may be faster (using dictionaries and rules) or slower (against properly hashed passwords with rate limiting).
Why is my long password rated lower than expected?
Length alone is not enough. The meter also penalises common passwords, repeating characters (aaa), and sequential patterns (abc, 123). A 20-character password made of repeated characters scores lower than a shorter random one.
What makes a strong password?
A strong password is at least 12 characters long, uses all four character classes (lowercase, uppercase, digits, special), avoids common words and patterns, and is not reused across accounts. Passphrases (random word combinations) are also effective.
How is this different from the password generator?
The password generator creates new random passwords. The strength meter analyses passwords you already have or are considering. Use the generator to create strong passwords, and the strength meter to test existing ones.
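
The entropy and crack-time answers above, worked through as an added example (this is not the tool's own code). The pool sizes and the guess rate are the page's figures; the function names, the three-character threshold for repeats and sequences, and the full-keyspace crack time are assumptions.

```javascript
// Added example: pool sizes and guess rate are the figures stated on the page.
const POOLS = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // assumption: any non-alphanumeric is "special"
];
const GUESSES_PER_SECOND = 1e10; // 10 billion guesses/second

// Sum the sizes of only the character classes present in the password.
function poolSize(pw) {
  return POOLS.reduce((n, p) => n + (p.re.test(pw) ? p.size : 0), 0);
}

// Entropy in bits: length * log2(pool size).
function entropyBits(pw) {
  const pool = poolSize(pw);
  return pool === 0 ? 0 : Array.from(pw).length * Math.log2(pool);
}

// Assumption: time to try the entire keyspace, not the average case.
function crackSeconds(pw) {
  return Math.pow(2, entropyBits(pw)) / GUESSES_PER_SECOND;
}

// Assumption: three identical characters in a row count as a repeat (aaa).
function hasRepeat(pw) {
  return /(.)\1\1/.test(pw);
}

// Assumption: three ascending letters or digits count as a sequence (abc, 123).
function hasSequence(pw) {
  const s = pw.toLowerCase();
  for (let i = 0; i + 2 < s.length; i++) {
    const tri = s.slice(i, i + 3);
    const step1 = tri.charCodeAt(1) - tri.charCodeAt(0);
    const step2 = tri.charCodeAt(2) - tri.charCodeAt(1);
    if (/^([a-z]{3}|[0-9]{3})$/.test(tri) && step1 === 1 && step2 === 1) return true;
  }
  return false;
}

// Constructed sample: 20 repeated characters score ~94 bits by the formula alone.
const sample = "a".repeat(20);
console.log(entropyBits(sample).toFixed(1), hasRepeat(sample), hasSequence(sample));
```

The constructed 20-character sample gets a high formula score while failing the repeat check, which is why the pattern checks have to lower the rating separately.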

Test any password against a comprehensive set of strength criteria. The meter analyses character diversity (lowercase, uppercase, digits, special characters), calculates Shannon entropy to measure randomness, and estimates how long a brute-force attack would take at 10 billion guesses per second — a realistic rate for a modern GPU cluster.

Nine checks run in real time as you type: minimum length (8 and 12 characters), character class diversity, common password detection (checks against a curated list), repeating characters (aaa), and sequential characters (abc, 123). The overall score ranges from "Very Weak" to "Very Strong" with a clear visual indicator.

Your password never leaves your browser. No network requests are made during analysis — everything runs locally in JavaScript.

Who is this for: anyone choosing a new password, security-conscious users auditing existing passwords, and developers testing password policies.
