Password Strength Checker
SecurityCheck how strong your password really is against length, character variety, and common patterns. Instant, private — nothing you type ever leaves your browser.
What is a Strength?
A Password Strength Checker evaluates a password against the factors that actually determine how hard it is to crack — length, character variety (lowercase, uppercase, numbers, symbols), and whether it matches one of the extremely common passwords attackers try first in any real attack. Rather than a vague "good" or "bad" verdict, the Password Strength Checker shows a 0–100 score, a strength label, and a rule-by-rule breakdown of exactly what's missing.
This is a structural check, not a breach-database lookup — it tells you whether a password is built well, not whether that specific password has previously appeared in a known leak (which would require sending the password to a third-party service, something this tool deliberately never does). If you'd rather skip the guesswork entirely, the Password Generator creates a strong, random password for you in one click.
How to use this Strength calculator
- Type a password into the Password field — nothing is submitted or sent anywhere as you type.
- Click the eye icon if you want to reveal the password in plain text to double-check what you typed.
- Watch the strength meter and label (Very Weak through Strong) update instantly.
- Review the rule checklist below the meter to see exactly which factors passed and which didn't.
- Adjust the password to address the failing rules, and watch the score update again until you reach Good or Strong.
Formula & Methodology
The checker evaluates six equally-weighted rules, each worth roughly 16.7 points toward a 0–100 score: 1. At least 8 characters 2. At least 12 characters (a stronger length bar) 3. Contains a lowercase letter 4. Contains an uppercase letter 5. Contains a number 6. Contains a symbol The score is the percentage of rules passed, rounded to the nearest whole number. If the password exactly matches one of a small set of extremely common leaked passwords (e.g. "password", "123456", "qwerty"), the score is capped at 20 regardless of how many other rules it satisfies, since those specific passwords are the very first ones tried in real-world credential attacks. Example — weak:password1passes only the length and character-variety rules partially (lowercase + number, 9 characters) and also matches a common pattern closely related to a leaked password, scoring well below the Good threshold. Example — strong:Tr7$kPlume92!is 13 characters and includes all four character types, scoring 100 and clearing every rule.
Frequently Asked Questions
What does a password strength checker actually measure?
This tool measures your password against six factors: whether it's at least 8 characters, whether it's 12 or more characters, and whether it mixes lowercase letters, uppercase letters, numbers, and symbols. It also checks the password against a short list of extremely common leaked passwords, since length and character variety mean nothing if the password itself is one attackers already try first.
How is the strength score calculated?
Each of the six checks contributes equally to a 0–100 score — pass all six and you get 100, pass three and you get 50. If your password matches a known common password like "password123" or "qwerty", the score is capped at 20 regardless of length or character variety, since those passwords are tried first in any real attack.
What counts as a strong password here?
A score of 80 or above is labelled Strong, 60–79 is Good, 40–59 is Fair, 20–39 is Weak, and below 20 is Very Weak. The tool considers a password acceptable (shown as Valid) only at Good or above, and never if it matches a common leaked password.
How do I check my password's strength?
Type your password into the input field and the strength meter and rule checklist update instantly — nothing is submitted, there's no button to click. Use the eye icon to toggle showing the password in plain text if you want to double-check what you typed.
Is my password stored or sent anywhere?
No. The entire check runs inside your browser using simple pattern matching — your password is never transmitted over the network, logged, or stored anywhere, even temporarily. Closing the tab leaves no trace of anything you typed.
Why is my password marked weak even though it's long?
Length alone is only one of six factors. A long password made entirely of lowercase letters (like "elephantgarden") still scores lower than a shorter password mixing case, numbers, and symbols, because character variety multiplies the number of possible combinations an attacker would need to try far more than length alone.
Why does this flag my password as weak when it's not in any dictionary?
This checker only flags a small list of extremely common, frequently leaked passwords — it doesn't check against a full dictionary or a breach database. A password can avoid that list entirely and still score low if it's short or uses only one character type; the checklist below the meter shows exactly which factors are missing.
Does a high score mean my password has never been leaked?
No — this tool only checks structural strength (length and character variety) plus a small common-password list; it cannot check your password against real-world data breach databases, since doing that would require sending your password to a third-party service. A high score here means the password is structurally strong, not that it's guaranteed never to have appeared in a breach.
What makes a password genuinely hard to crack?
Length matters more than complexity rules — a 16-character password is dramatically harder to brute-force than a 10-character one, even with fewer character types. Combining sufficient length (12+) with at least three of the four character types (lowercase, uppercase, numbers, symbols) gives the best practical balance of strength and memorability.
Should I use a password manager instead of memorising strong passwords?
Yes — using a password manager lets you generate and store long, fully random passwords for every account without needing to remember any of them, which is more secure than reusing a single memorable strong password everywhere. The [Password Generator](/password-generator/) on this platform can create one in seconds.
Can I check multiple passwords at once?
No — this tool checks one password at a time, by design, since pasting in a whole list of real passwords would be a poor security practice even on a tool that doesn't store anything. Check each password individually when auditing your own accounts.