Score password strength from 0–4 based on length, charset diversity, dictionary patterns, and entropy. Get actionable improvement tips.
A strong password protects your accounts from brute-force attacks, credential stuffing, and dictionary attacks. But how do you know if your password is actually strong? This checker scores your password on a 0–4 scale by analyzing multiple strength factors: total length, character class diversity (lowercase, uppercase, digits, symbols), common dictionary patterns, and raw entropy.
Unlike simple length-only checks, this tool penalizes predictable patterns like sequential characters, repeated characters, and common words. A score of 0 means the password is trivially guessable, while 4 indicates excellent resistance to all common attack types. Use this tool to audit existing passwords or validate that new passwords meet your security standards.
This measurement provides a critical foundation for capacity planning and performance budgeting, helping teams align infrastructure resources with application requirements and growth projections. Integrating this calculation into monitoring and reporting workflows ensures that engineering decisions are grounded in real data rather than assumptions about system behavior.
Most password meters use simplistic rules that can be gamed easily. This checker combines multiple scoring dimensions to provide a more realistic assessment. It helps individuals choose better passwords and helps organizations set evidence-based password policies that actually improve security rather than just adding user friction. Regular monitoring of this value helps DevOps teams detect anomalies early and maintain the system reliability and performance that users and business stakeholders expect.
Score = sum of factor scores / 4. Length: 0 (< 6), 1 (6–7), 2 (8–11), 3 (12–15), 4 (16+). Diversity: +1 per class (lower, upper, digit, symbol). Pattern penalty: −1 for repeats, sequences, or common words. Entropy factor: mapped from bits (< 25: 0, 25–49: 1, 50–74: 2, 75–99: 3, 100+: 4). Final = min(4, rounded average).
Result: Score: 3/4 — Strong
This 11-character password uses all four character classes (diversity score: 4), has decent length (score: 2), no obvious sequential patterns (pattern score: 3), and 72 bits of entropy (entropy score: 2). The averaged result rounds to a score of 3 (Strong), though increasing length to 14+ characters would push it to 4.
This checker evaluates four independent dimensions of password quality and combines them into a composite score. Each dimension captures a different aspect of resistance to real-world attacks.
Length is weighted heavily because it has the greatest mathematical impact on brute-force difficulty. Every additional character multiplies the search space by the charset size. We score on a 5-point scale with breakpoints at 6, 8, 12, and 16 characters.
Using multiple character classes forces attackers to test a larger alphabet per position. Each class present (lowercase, uppercase, digits, symbols) adds one point. However, diversity alone cannot compensate for insufficient length.
Common patterns dramatically reduce effective entropy. Our checker detects sequential runs, repeated characters, and well-known password patterns. These detections result in score penalties that reflect the real-world disadvantage of predictable passwords.
The raw entropy in bits provides an objective mathematical measure of password strength. We map entropy ranges to scores that align with known brute-force capabilities of modern hardware.
0 = trivially guessable, 1 = very weak (easily cracked), 2 = fair (resists casual attempts), 3 = strong (resists most attacks), 4 = very strong (excellent protection). Most security guidelines recommend a minimum score of 3.
This calculator runs entirely in your browser. No passwords are sent to any server. All processing happens locally on your device. However, for maximum caution, you can test passwords with similar characteristics rather than your exact password.
Special characters help, but they can't compensate for short length or predictable patterns. A 6-character password with symbols is still weak because the total entropy is too low. Length contributes more to security than character complexity.
Entropy is estimated as length × log₂(charset size), where charset size is determined by the character types present. This assumes random character selection; real passwords with patterns or words have lower effective entropy.
Sequential characters (abc, 123), keyboard walks (qwerty), repeated characters (aaa), leetspeak substitutions (p@ssw0rd), and dictionary words all reduce effective password strength because attackers specifically target these patterns. Sharing these results with team members or stakeholders promotes alignment and supports more informed decision-making across the organization.
This tool provides individual password assessment. For organizational policies, combine minimum score requirements with maximum age policies, breach database checks (like HIBP), and mandatory MFA. NIST recommends focusing on length minimums over complexity rules.