Password Strength Checker: Real-Time Security Score and Recommendations
Most password strength meters only check for uppercase, lowercase, numbers, and symbols. Our checker goes further - detecting common dictionary words, keyboard walk patterns, repeated characters, and giving you specific, actionable suggestions to fix each weakness.
Enter any password and get an instant 0-100 security score with a breakdown of exactly which criteria pass and fail, estimated crack time, and targeted recommendations.
Password score is calculated by checking six security criteria:
Strength Score Thresholds
80-100 (Strong): Meets all criteria, no warnings. Suitable for any account.
60-79 (Good): Meets most criteria. Acceptable for most accounts.
40-59 (Fair): Meets basic criteria. Only for low-risk accounts.
20-39 (Weak): Missing several criteria. Not recommended.
0-19 (Very Weak): Fails most criteria. Immediately crackable.
Common Password Mistakes
Dictionary words: 'password', 'welcome', 'dragon' are in every cracker's list
Keyboard walks: 'qwerty', '1234', 'asdf' are obvious to automated tools
Substitutions: 'P@ssw0rd' is well-known - leet speak doesn't fool modern crackers
Personal info: Names, birthdays, and pet names are guessed early
Short length: Anything under 8 characters is trivially crackable
Practical Examples
Improving 'password1'
- 1.Current: password1 — Weak (35/100), common word detected
- 2.Add symbols: P@ssword1 — Fair (50/100)
- 3.Better: Str0ng&Unique9! — Good (80/100)
Creating a strong passphrase
- 1.4 random words: correct-horse-battery-staple
- 2.Result: Very Strong — high entropy, memorable
- 3.Even better: Add a number and symbol: correct-horse9-battery!
Frequently Asked Questions
How is password strength scored?
The score is based on six criteria: minimum 8 characters (+20 points), 12+ characters (+15), uppercase letters (+15), lowercase letters (+15), numbers (+15), and special characters (+20). A score of 80+ is Strong, 60-79 is Good, 40-59 is Fair, 20-39 is Weak, and below 20 is Very Weak.
What makes a password strong?
A strong password has: at least 12 characters (preferably 16+), a mix of uppercase and lowercase letters, at least one number, at least one special character, no common words or dictionary terms, no personal information, and no keyboard patterns like 'qwerty' or '1234'.
Does this tool check against leaked passwords?
No. This tool performs local pattern-based analysis only. For checking against known breached passwords, use the Have I Been Pwned API (haveibeenpwned.com). Our tool checks for common words and keyboard patterns but does not have a database of leaked passwords.
Is my password stored anywhere?
No. All analysis runs entirely in your browser using JavaScript. Your password never leaves your device and is never sent to any server. We do not log, store, or transmit any input.
What is a keyboard walk pattern?
A keyboard walk is a sequence of adjacent keys on the keyboard, like 'qwerty', 'asdfgh', 'zxcvbn', or '123456'. These patterns are among the first things password crackers check, making them extremely weak despite appearing complex to humans.
What score should I aim for?
Aim for at least 75+ (Good) for regular accounts and 85+ (Strong) for important accounts like email, banking, and social media. A strong password has 12+ characters with mixed types and no common patterns.
Should I use a passphrase instead?
Yes, passphrases are often better than complex short passwords. A phrase like 'correct-horse-battery-staple' has very high entropy (116+ bits) and is easier to remember than 'P@ssw0rd'. The key is using random, unrelated words.
How does common word detection work?
The checker scans your password for a list of the most commonly used passwords and words (password, 123456, qwerty, letmein, etc.). If your password contains any of these words as a substring, it warns you since attackers specifically target these patterns.