Password Strength Calculator

Password entropy measures the unpredictability of a password in bits. It represents the number of binary yes/no decisions an attacker must make to guess your password through brute force. A password with 40 bits of entropy has 2⁴⁰ (about 1.1 trillion) possible combinations. Each additional bit doubles the search space, making the password exponentially harder to crack. The formula is: Entropy = Length × log₂(Charset Size). For example, an 8-character password using only lowercase letters (charset = 26) has 8 × 4.7 = 37.6 bits of entropy. However, raw entropy assumes each character is perfectly random — real-world passwords often contain patterns that reduce their effective strength. This calculator detects those patterns and applies penalties to give you a more realistic security assessment.

This calculator goes beyond simple entropy math by applying a multi-layer analysis. First, it calculates raw entropy from the character set size and password length. Then it scans for weakness patterns: common passwords (top 200 from breach databases), keyboard walks (qwerty, asdf), sequential characters (abc, 123), repeated characters (aaa), leet speak substitutions (@ for a, 0 for o), and trailing year patterns (2024, 2025). Each detected pattern applies an entropy penalty, producing an 'effective entropy' score that better reflects real-world crackability. Crack times are estimated for 7 scenarios: from rate-limited online attacks (100 guesses/sec) to theoretical quantum computers using Grover's algorithm (which halves the effective bit length). All analysis runs entirely in your browser — your password is never transmitted anywhere.