Password Strength Tester

Cybersecurity Awareness

How fast could your password
be cracked?

Type any password below to see how long it would take an attacker to crack it,
and what you can do to make it stronger.

Try an example:
Estimated time to crack — fast GPU (10 billion guesses/sec)
-
Enter a password above to see results
0
Characters
0
Possible chars
0
Bits of entropy
lowercase a–z
uppercase A–Z
numbers 0–9
symbols !@#$%
Crack time by attack scenario
Home PC (CPU)
~1,000,000 guesses / sec
-
Gaming GPU
~10,000,000,000 guesses / sec
-
Cloud GPU cluster
~100,000,000,000 guesses / sec
-
Nation-state level
~1,000,000,000,000 guesses / sec
-
Dictionary / breach list
Pre-computed - billions of known passwords
-
Tips to improve your password
Enter a password above to see personalised tips.
What are bits of entropy?

Entropy is a measure of how unpredictable your password is - how many different guesses an attacker would need to make before they could find it. Each “bit” of entropy doubles the number of possible passwords. So a password with 10 bits has 1,024 possible combinations, while one with 40 bits has over a trillion.

Think of it like a combination lock
A 4-digit PIN (0000–9999) has about 13 bits of entropy - 10,000 combinations. A random 12-character password using all character types has around 79 bits - that’s roughly 600 quadrillion combinations. Each extra bit makes the lock twice as hard to crack.

Importantly, entropy only reflects true randomness. Repeating a character 16 times doesn’t give you 16 characters worth of entropy - an attacker knows to try that pattern immediately. That’s why this tool calculates effective entropy, which penalises predictable patterns like repetition, sequences, and keyboard walks.

How much entropy is enough?
< 28 bits
Trivially cracked - seconds on any device
28–35 bits
Weak - minutes to hours on a modern GPU
36–59 bits
Moderate - days to years depending on hardware
60–127 bits
Strong - decades or longer with current technology
128+ bits
Effectively uncrackable by brute force - ever
How is it calculated?

The formula is: entropy = log₂(possible characters ^ password length). For example, a lowercase-only 8-character password uses a pool of 26 characters: 26⁸ = 208 billion combinations = about 38 bits. Adding uppercase, numbers, and symbols grows the pool to 94 characters: 94⁸ = about 52 bits. Going from 8 to 16 characters doubles the exponent, jumping that to 105 bits - length matters far more than complexity alone.