Check your password strength

Using this password strength meter, you'll be able to test the strength of any password. The application was created for purely educational purposes, to help you understand how to create a stronger password. You'll get real-time feedback on bad practices and on how to improve the strength of the password. However, there is no official weighting system for assessing the strength of a given password, so our algorithm uses multiple factors and custom formulas.
* All the processing happens in your browser (coded in JavaScript) and no passwords are stored.

Strength: 0%

Password Complexity:
Password Entropy: 0 bits (the higher, the better; aim for at least 70 bits)
Estimated password cracking time by a brute force attack:
Password Blacklist Check:

Recommended (Count)
  • Password length (at least 12 characters): 0
  • Use Uppercase Letters [A-Z]: 0
  • Use Lowercase Letters [a-z]: 0
  • Use Numbers [0-9]: 0
  • Use Symbols [!@#]: 0

Bad Practice Warnings
  • Your password contains only letters.
  • Your password contains only numbers.
  • Your password contains repeated characters.
  • You have too many consecutive uppercase letters.
  • You have too many consecutive lowercase letters. Try to include some uppercase in between.
  • Your password contains a number. Make sure it is not related to anything personal (birth date, house number, etc.).
  • Your password contains sequential letters (abc...).
  • Your password contains sequential figures (123...). Very bad practice.
  • Your password contains sequential symbols (!@#).

Tips on how to create strong passwords

To create a strong password, you first need to understand how the strength of a password is calculated and how it can be cracked. Basically, it all comes down to the total number of possible combinations, which is determined by the length of the password and the number of characters in the charset used. For example, if you have a password 8 characters long and you only use numbers (let's say 45379821), then the total number of possible password combinations is 10^8 = 100,000,000. That may seem like a lot, but believe it or not, an average modern computer can process all these combinations (this is called a brute force attack) in about 3 minutes. If we're talking about supercomputers or a botnet, the time to crack it is reduced to a few milliseconds.

Formula variables:
8 - the length of the password
10 - the total number of characters in the charset (in this case 0-9)

Now let's again take a password with 8 characters, but this time we'll use numbers, lowercase, uppercase and symbols (Ha%bL-sq). We end up with a charset of 94 total characters.

94^8 = 6.0956894e+15 total combinations

For the same average PC, it would now take about 386 years to process all the combinations. A botnet, though, would probably manage to crack it in under 35 hours. A password with 8 characters isn't really secure, whatever combination of characters it uses.

So, when it comes to creating strong passwords:
1. Length matters a lot.
2. Total charset used matters a lot.
3. Randomness matters

Why do we say randomness matters? You might now think that stringing a bunch of regular words together into a longer password, such as "Charlie75theBeast", is very secure. Well, it's not. These types of passwords can be easily cracked with another type of attack, called a dictionary attack. This takes us to the next point: what to avoid when creating your passwords.
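The calculation above and the dictionary caveat, as an added JavaScript example (not this site's actual code): it infers the charset from the character classes present, computes charset^length and the entropy in bits, and flags patterns that make those figures an overestimate. The guess rate, the symbol count of 32, the sample blacklist and the password Ha%bL-s7 (constructed so that all four classes are present) are assumptions.

```javascript
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^A-Za-z0-9]/, size: 32 }, // assumed: printable ASCII symbols; total 94
];
// Constructed sample: a handful of entries from the top-25 list on this page.
const BLACKLIST = ['123456', 'password', 'qwerty', 'sunshine', 'charlie'];
const GUESSES_PER_SECOND = 5e5; // assumed rate for the "average PC"

// Size of the charset an attacker must cover, inferred from the classes present.
function charsetSize(pw) {
  return CLASSES.reduce((n, c) => (c.re.test(pw) ? n + c.size : n), 0);
}

// Entropy in bits if every character were chosen at random: length * log2(charset).
function entropyBits(pw) {
  const size = charsetSize(pw);
  return size > 0 ? pw.length * Math.log2(size) : 0;
}

// Worst-case time to try every combination (charset^length) at the assumed rate.
function bruteForceSeconds(pw) {
  return Math.pow(charsetSize(pw), pw.length) / GUESSES_PER_SECOND;
}

// True when the password has `run` or more ascending letters or digits (abc, 123).
function hasSequence(s, run = 3) {
  let streak = 1;
  for (let i = 1; i < s.length; i++) {
    const alnumPair = /^[a-z0-9]{2}$/.test(s.slice(i - 1, i + 1));
    const ascending = s.charCodeAt(i) - s.charCodeAt(i - 1) === 1;
    streak = alnumPair && ascending ? streak + 1 : 1;
    if (streak >= run) return true;
  }
  return false;
}

// Findings that mean the charset^length figure overstates the real strength.
function warnings(pw) {
  const lower = pw.toLowerCase(), out = [];
  if (BLACKLIST.includes(lower)) out.push('blacklisted');
  else if (BLACKLIST.some(w => lower.includes(w))) out.push('contains-blacklisted-word');
  if (/^[A-Za-z]+$/.test(pw)) out.push('only-letters');
  if (/^[0-9]+$/.test(pw)) out.push('only-numbers');
  if (/(.)\1\1/.test(pw)) out.push('repeated-characters');
  if (hasSequence(lower)) out.push('sequential');
  return out;
}
```

Under these assumptions "Charlie75theBeast" scores about 101 bits, well above the 70-bit target, yet it is flagged because it contains a blacklisted word; the formula only holds for characters chosen at random.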

Weak passwords

Avoid these practices when creating your password

1. Don't use your personal data, especially your name or the names of your children, husband, wife, girlfriend, etc. Also avoid using your (or their) date of birth, phone number, street address, car plate number, etc. This is because hackers can create a custom dictionary attack based on all your personal data, which is pretty easy to get from social media these days.

2. Don't use common dictionary words, even if it's a long word or a couple of words together. Again, you can be targeted with a dictionary attack.

3. Don't use sequential letters or numbers (1234567, abcdef) or keyboard patterns (qwerty).

4. Don't use the same password on all your accounts, at least for important ones.

5. Don't use uppercase letters or numbers only at the beginning or at the end of your password. This is a very common pattern.

6. Whatever you do, don't use a blacklisted password, because it will be breached in a blink. Our application searches a list of 100000 passwords exposed in recent years. For example, these are the 25 most used passwords in 2018.

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^&*
  21. charlie
  22. aa123456
  23. donald
  24. password1
  25. qwerty123

Conclusion

So, when it comes to creating a strong password you have one of these 3 options:

1. Use a random password generator and create a password of at least 12 characters (numbers, lowercase, uppercase, and symbols combined). It is harder to remember, but it's the most secure.

2. Use a longer passphrase but include uppercase, numbers, and symbols. You could do some character replacements like this: “myPa$$w0rd!s^longerThany0urs”. Many articles on the web advise just slamming together 3 random words, and that's it. Of course, it is easier to remember and faster to type, but 3 dictionary words in lowercase are much weaker.

3. Use password manager software. It can create and easily manage all your passwords. There are plenty of choices here, and some security suites have password managers included.
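For option 1, a random generator can look like the following added JavaScript example (not this site's code; the symbol set and function names are assumptions). It draws from the operating system's CSPRNG, uses rejection sampling so every character is equally likely, and enforces the 12-character minimum and the four character classes recommended above.

```javascript
// Web Crypto is global in browsers and recent Node.js; fall back to node:crypto otherwise.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const SETS = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!@#$%^&*()-_=+[]{};:,.?/', // assumed symbol set; adjust to what the site accepts
};
const ALL = Object.values(SETS).join('');

// Uniform integer in [0, n) for n <= 256. Bytes at or above the largest
// multiple of n are discarded, which avoids the bias of a plain `byte % n`.
function randomBelow(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    webcrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length = 16) {
  if (length < 12) throw new RangeError('use at least 12 characters');
  const hasAllClasses = pw =>
    Object.values(SETS).every(set => [...pw].some(ch => set.includes(ch)));
  let pw;
  do {
    pw = Array.from({ length }, () => ALL[randomBelow(ALL.length)]).join('');
  } while (!hasAllClasses(pw)); // redraw the whole password rather than patching characters in
  return pw;
}
```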

Now that you have a strong password, be sure to keep it to yourself :).