Type a password to test in the field above.

Password Strength:


Number of Guesses: 100
Estimated number of attempts needed to guess this password.



Attack Type Crack Time
Online/No Throttling

This section of the page will display test results once you enter a password in the text field above.

This tool allows you to test the strength of passwords.


Type a password in the text field on the left, and the estimated password strength, suggestions, and estimated crack times will be shown below.

Crack Times

  • Online/Throttling: Online attack on a service that rate-limits password authentication attempts.
  • Online/No Throttling: Online attack on a service that doesn't rate-limit, or where an attacker has outsmarted rate-limiting.
  • Offline/Slow: Offline attack. Assumes multiple attackers, proper user-unique salting, and a slow hash function with moderate work factor, such as bcrypt, scrypt, or PBKDF2.
  • Offline/Fast: Offline attack with user-unique salting but a fast hash function like SHA-1, SHA-256, or MD5. A wide range of reasonable numbers anywhere from one billion to one trillion guesses per second, depending on number of cores and machines, and ballparking at 10B/sec.