
Password Entropy Checker

Entropy bits and realistic crack-time estimates — your password never leaves the page.

100% client-side · nothing leaves your browser · instant results
Never stored, never sent

Analysis runs entirely in this tab. The input is never persisted, never written to the URL, and never transmitted — verify in devtools.

Character pools detected

  • lowercase a–z: +26
  • uppercase A–Z
  • digits 0–9
  • symbols: +33
  • Pool size: 59

Entropy = length × log₂(pool) = 21 × log₂(59). This models a brute-force attacker; dictionary patterns make real passwords weaker than the number suggests.

123.5 bits

Very strong: 21 characters over a pool of 59. 60+ bits resists offline GPU attacks; 80+ bits is durable against clusters.

Strength: Very strong

Time to crack (average case)

| Scenario | Time |
|---|---|
| Online attack, rate-limited (10k guesses/sec, throttled web login) | longer than the universe has existed |
| Offline attack, single GPU rig (10B guesses/sec, leaked fast-hash database) | longer than the universe has existed |
| Offline attack, GPU cluster (1T guesses/sec, nation-state / large botnet) | longer than the universe has existed |

Crack times assume the attacker knows your exact character pool and the hash is fast (MD5/SHA-1). Slow hashes like Argon2id multiply these times by orders of magnitude.

  • 100% client-side compute
  • 0 uploads (verify in devtools)
  • 96 free tools in the directory
  • 0 network requests per keystroke

How it works

Password strength is not a vibe — it is arithmetic. This checker detects which character pools your password draws from (lowercase, uppercase, digits, symbols), sums the pool size, and computes entropy as length × log₂(pool). The result, expressed in bits, tells you how large a keyspace an attacker must search: every additional bit doubles their work. A ten-character lowercase password covers 26¹⁰ possibilities (~47 bits); add length rather than exotic symbols and the number climbs fastest.

Raw entropy is then translated into crack times across three labeled attacker models. The online scenario assumes a throttled login endpoint at ten thousand guesses per second — the ceiling for an attacker without your password database. The offline scenarios assume the service was breached and its hashes leaked: a single modern GPU rig manages roughly ten billion fast-hash guesses per second, and a dedicated cluster a trillion. Times shown are average-case (half the keyspace), the honest expectation rather than the worst case.

Entropy math has a blind spot the tool corrects for: humans do not pick randomly. Your input is checked against an embedded list of the hundred most common breached passwords — the opening moves of every real cracking run. Anything on that list is flagged as breached and scored accordingly, because dictionary attacks ignore keyspace entirely. The check, like everything else here, runs locally; the password is never stored, never encoded into a shareable URL, and never transmitted.
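The three steps described above (pool detection, average-case crack times, and the common-password check), written out as an added JavaScript example; it is not this tool's own source. The five-entry list is a constructed stand-in for the embedded hundred, and the symbol regex, the case-insensitive match and the zero-time score for listed passwords are assumptions.

```javascript
// Pool sizes as listed on the page: 26 + 26 + 10 + 33.
const POOLS = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // assumption: any non-alphanumeric counts as a symbol
];
// Guesses per second for the page's three attacker models.
const RATES = { online: 1e4, gpuRig: 1e10, cluster: 1e12 };
// Constructed stand-in for the embedded list of common breached passwords.
const COMMON = new Set(["123456", "password", "qwerty", "letmein", "p@ssw0rd"]);

const YEAR_S = 365.25 * 24 * 3600;
const UNIVERSE_S = 13.8e9 * YEAR_S; // approximate age of the universe

function analyze(password) {
  const pool = POOLS.filter((p) => p.re.test(password))
    .reduce((sum, p) => sum + p.size, 0);
  const length = [...password].length; // code points, not UTF-16 units
  const bits = pool > 0 ? length * Math.log2(pool) : 0;
  // Assumption: case-insensitive match; a listed password gets zero crack time.
  const breached = COMMON.has(password.toLowerCase());
  const seconds = {};
  for (const [name, rate] of Object.entries(RATES)) {
    // Average case is half the keyspace: 2^(bits - 1) guesses.
    seconds[name] = breached ? 0 : Math.pow(2, bits - 1) / rate;
  }
  return { pool, length, bits, breached, seconds };
}

function humanize(s) {
  if (s < 1) return "under a second";
  if (s > UNIVERSE_S) return "longer than the universe has existed";
  const units = [["years", YEAR_S], ["days", 86400], ["hours", 3600],
    ["minutes", 60], ["seconds", 1]];
  const [label, size] = units.find(([, unitSize]) => s >= unitSize);
  return `${(s / size).toFixed(1)} ${label}`;
}

// Constructed sample inputs.
for (const pw of ["abcdefghij", "correct-horse-battery", "password"]) {
  const r = analyze(pw);
  console.log(pw, r.pool, r.bits.toFixed(1), r.breached,
    Object.values(r.seconds).map(humanize).join(" | "));
}
```

The ten-character lowercase sample shows the gap between scenarios: centuries against the throttled login, about two hours against a single GPU rig.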

Two practical thresholds anchor the strength meter. Sixty bits resists offline GPU attacks for years even against fast hashes; eighty bits holds against well-funded clusters for geological timescales. Both are trivially reachable: four random dictionary words clear sixty bits, and a password manager's twenty random characters sail past one hundred and thirty. The deeper lesson the crack-time table teaches is that the service's hashing choice matters as much as your password — a slow, salted hash like Argon2id multiplies every number in the table by five or six orders of magnitude.

Frequently asked questions

Is it safe to type a real password into this tool?

The analysis runs entirely in your browser tab: the input is held only in component state, never written to the URL, never persisted to localStorage, and never sent over the network — you can confirm zero requests in devtools while typing. That said, defense in depth is good practice: testing a structurally similar password rather than your actual one gives you the same information with zero exposure.

What does entropy in bits actually mean?

Entropy measures how many guesses an attacker needs in the worst case. A password with n bits of entropy requires up to 2^n guesses to brute-force, with the average success at half that. The formula used here is length × log₂(pool size), where the pool is the set of characters the password draws from. Each additional bit doubles the attacker's work, which is why length beats complexity — every extra character adds the full log₂(pool) bits.

Why are there three different crack-time scenarios?

Because attacker capability spans eight orders of magnitude. An online attacker hammering a rate-limited login form manages perhaps ten thousand guesses per second. An attacker who stole a database of fast hashes (MD5, SHA-1) can run ten billion guesses per second on one consumer GPU rig. A cluster or botnet reaches a trillion. The same password can be effectively uncrackable online yet fall in hours offline — which scenario matters depends on how the service stores its hashes.

My password has high entropy — why is it still flagged as breached?

Entropy math assumes the attacker brute-forces randomly, but real attackers try leaked passwords first. This tool checks your input against an embedded list of the hundred most common breached passwords; anything on that list falls to a dictionary attack in milliseconds regardless of its theoretical entropy. The same logic applies to dictionary words with predictable substitutions — P@ssw0rd scores decent bits but sits near the top of every cracking wordlist.

What is a genuinely strong password strategy in 2026?

Use a password manager generating 20+ random characters per site, which yields well over 100 bits — beyond any feasible brute force. For passwords you must memorize (the manager's master password), use a passphrase of five or more random words: easy to recall, 60+ bits of entropy, and immune to character-substitution wordlists provided the words are chosen randomly rather than as a meaningful sentence. Enable two-factor authentication everywhere; it makes password compromise survivable.

Built by FORG — AI cost observability for agentic coding. Free tools, no signup, nothing leaves your browser.
