UtilityBase logoUtilityBase

Generators

Password Strength Checker

Entropy, crack-time estimates, and the exact weaknesses — analyzed locally.

Updated July 8, 2026

How to use the password strength checker

  1. 1Type or paste a password — analysis is live and local.
  2. 2Read the strength band, entropy bits, and both crack-time scenarios.
  3. 3Fix the specific weaknesses listed — each maps to a real cracking strategy.
  4. 4Generate a proper replacement with the password generator when done.

Common uses

  • Auditing whether your go-to password pattern would survive a breach
  • Demonstrating why 'Word123!' fails despite passing complexity rules
  • Choosing between passphrase candidates for a password manager master key
  • Teaching password security with numbers instead of lectures

Frequently asked questions

Is it actually safe to type a real password here?

The analysis runs entirely in your browser with zero network activity — verifiable in DevTools. That said, the healthiest habit is testing a candidate pattern rather than a live credential: check 'the kind of password you use,' learn what weakens it, then generate a fresh one.

What do the crack times actually assume?

The offline figure assumes an attacker has stolen a database of fast hashes and runs GPUs at ~10 billion guesses/second — the disaster scenario. The online figure assumes guessing through a rate-limited login form. Real strength lives between them, which is why 'centuries offline' is the target worth hitting.

Why is 'Summer2024!' weak when it has everything — caps, numbers, a symbol?

Because crackers don't brute-force character by character; they try patterns. Word + year + trailing symbol is among the first templates every cracking tool generates. Character-class checklists measure compliance, not strength — length and unpredictability are what actually cost an attacker time.

What actually makes a strong password?

Length plus randomness: a 16+ character generated password, or four-plus truly random words (the passphrase approach — long, strong, and typeable). Unique per site, stored in a password manager, with the memorization budget spent on the manager's master passphrase alone.

About this tool

The password strength checker analyzes a password the way cracking tools attack one: it measures raw entropy from length and character variety, then applies penalties for the patterns crackers try first — common passwords, dictionary words with numbers tacked on, keyboard and alphabet sequences, repeated characters, and years. You get crack-time estimates for two realistic scenarios (an offline attack at 10 billion guesses per second and a rate-limited online attack) plus a plain-English list of what specifically weakens your password. Analysis runs entirely in this page — the password is never transmitted, stored, or logged, which you can verify with the network tab open.

Like most tools on UtilityBase, the password strength checker runs entirely in your browser — nothing you enter is uploaded or stored on a server. It's free to use with no account required. Browse more generators here.

Was this tool helpful?

Related tools