Password Strength Analyzer & Checker
指导
Password Strength Analyzer & Checker
Analyze any password in real time to see its strength score, entropy, estimated crack times, and potential vulnerabilities. The analyzer detects common patterns, keyboard walks, dictionary words, and l33t speak substitutions — all without your password ever leaving your browser.
如何使用
Type or paste a password into the input field. The analyzer evaluates it in real time, showing a visual strength meter, detailed analysis, pattern warnings, and suggestions for improvement. Use the show/hide toggle to view the password as you type.
特征
- Visual Strength Meter – Four-level color-coded bar: Weak (red), Fair (orange), Strong (yellow), Very Strong (green)
- Entropy Calculation – Precise entropy in bits based on character pool size and password length
- Crack Time Estimates – How long to crack at three speeds: online attack (100/s), slow hash like bcrypt (10k/s), and fast hash with GPU farm (10B/s)
- Pattern Detection – Warns about common passwords, keyboard walks (qwerty), sequential characters, repeated characters, date patterns, and dictionary words
- L33t Speak Detection – Recognizes common substitutions like @ for a, 3 for e, 0 for o
- 改进建议 – Contextual tips based on detected weaknesses
- 100% 客户端 – Your password never leaves your browser — guaranteed
常问问题
-
What is password entropy and why does it matter?
Password entropy measures the randomness of a password in bits. It is calculated as log2(pool_size ^ length), where pool_size is the number of possible characters. Higher entropy means more possible combinations an attacker must try. A password with 40 bits of entropy has about 1 trillion combinations, while 80 bits has over a sextillion — making brute force impractical.
-
Why are common passwords like P@ssw0rd still weak despite having mixed characters?
Attackers maintain lists of the most commonly used passwords and their l33t speak variations. P@ssw0rd appears in virtually every password dictionary, so it would be cracked in seconds regardless of its character diversity. Pattern-based attacks check known substitutions (@ for a, 0 for o, 3 for e) before brute force.
-
How long should a password be to be considered secure?
For passwords protected by modern slow hashing algorithms like bcrypt, 12-16 characters with mixed character types provides strong protection. For systems using fast hashes like MD5 or SHA-1, longer passwords (16-20+) are needed. Passphrases of 4-5 random words (20-30 characters) offer both security and memorability.
-
What is a keyboard walk and why is it a security risk?
A keyboard walk is a password created by pressing adjacent keys in sequence, like qwerty, asdfgh, or zxcvbn. These patterns feel random to users but are well-known to attackers. Password cracking tools include keyboard walk dictionaries that test these patterns early in an attack, making them far weaker than their length suggests.
