Ready
Ready
Enter password to check.
Guide
A Password Strength Checker analyses a password and gives you objective feedback on how resistant it is to cracking — specifically to brute-force attacks (trying every combination) and dictionary attacks (trying known words and common substitutions). This is distinct from a password generator: instead of creating a password for you, a strength checker evaluates one you've already chosen or are considering.
Password strength is quantified as entropy — measured in bits. Entropy represents the number of equally likely possibilities an attacker must try before being guaranteed to find your password. Each bit doubles the search space: a 40-bit entropy password has roughly 1 trillion (2⁴⁰) possible values; a 64-bit password has 18 quintillion.
Entropy depends on two factors: the character pool (how many unique characters are possible) and the length (how many characters the password has). The formula is: Entropy = log₂(pool sizeṱᴷⁿᵏᵗʰ ˢᴵᴼᵉⁿᵗʰ). A password using only lowercase letters has a pool of 26; adding uppercase doubles it to 52; adding digits gives 62; adding symbols expands it to 95+ possible characters.
A purely entropy-based assessment misses important real-world vulnerabilities:
Dictionary words: correct has low entropy because it's a dictionary word. Attackers use dictionary attacks that try millions of common words first. c0rrect (with substitutions) is slightly better but still vulnerable to "leet-speak" dictionaries.
Common patterns: Password1!, Qwerty123, Admin2024 are extremely common and appear near the top of leaked password databases. Even though they technically contain uppercase, lowercase, digits, and symbols, they are among the first passwords an attacker tries.
Keyboard walks: qwertyuiop, 1qaz2wsx — sequential keyboard patterns are well-known and listed in password crack dictionaries.
Repeated characters: aaaa1111 has very low entropy despite meeting minimum character-type requirements.
Breach exposure: The strongest passwords in theory can still be dangerous if they've appeared in a data breach and are now in publicly available password lists.
The UtilsGo Password Strength Checker evaluates all these dimensions and provides specific actionable feedback. All analysis runs in your browser — your password text is never transmitted to any server.
Calculates actual bits of entropy for mathematical security scoring beyond simple strength labels.
Checks against databases of millions of leaked and commonly-used passwords.
Provides specific, actionable suggestions to make your password stronger, not just a score.
Everything runs inside your web browser. We never upload your text, files, or personal data to any servers.
No sign-ups, no subscriptions, and no usage limits. Get your results instantly in a single click.