// Password
See how a password is actually guessed, build ones that resist it, and learn what matters even more than strength. Everything runs in your browser.
Nothing you type here leaves your browser. The analyzer and generator are local JavaScript: as you type, analyze, and generate, no request carries your input off the page. Don't take our word for it: open DevTools → Network, then type and nothing new shows up. Still cautious? Use an example below or the generator, so you never have to type your real password.
Test a password
Try one:
0 bits
to guess
·
naive meter0 b
reality0 b

Why each word lights up red, but the passphrase still scores strong

The analyzer flags a word because a password that is a word, even with a 2024 or a ! on the end, is a choice a human makes and a wordlist already contains. Guessing software works through those lists first, roughly in the order people pick them, so the weakness isn't the letters. It's that you chose something choosable.

A passphrase removes the choice. The words are drawn at random, by dice or a generator, not by you, and you chain several. "It's a common word" no longer helps the guesser, because every word was equally likely. The strength comes from randomness times the number of words, not from the words being obscure.

A word you picked is weak. Several words picked at random are strong. It's the randomness and the count, not the vocabulary.

One honest caveat: a long random string from a password manager has even more entropy than a passphrase. A passphrase isn't the strongest option, it's the strongest one you can remember. Use it for the few passwords you must type from memory, and let a manager handle the rest.

See it: type (one word, instant) then (four random words) and watch the field above.

There's no single "best" password

Strength and memorability pull against each other. The trick isn't to win that fight with one heroic password you reuse everywhere, it's to use the right tool for each job. All three below are generated in your browser; the numbers are real.

Generate one, and see why it's good

Picked with your browser's cryptographic RNG (crypto.getRandomValues) using rejection sampling, so there's no modulo bias and every choice is uniform, which is why the bit count is exact. Use the passphrase for the handful you must memorize; for everything else, let a password manager generate and store a long random one so you never have to type it.
What actually gets passwords stolen

Strength bars are fun, but they measure only one thing: how hard a password is to guess. That matters in exactly one situation. Here's roughly how accounts are really lost, most common first.

  • Reuse. One site gets breached, and attackers replay your email and password on every other site you use. This is the most common takeover by far, and entropy does nothing to stop it. Fix: a different password for every account.
  • Phishing. You type your password into a convincing fake page. A 100-bit password is handed over just as fast as a weak one. A password manager helps (it won't autofill on the wrong domain), and 2FA limits the damage.
  • Malware and keyloggers. Software on your device reads the password as you type it. Keep your devices clean and up to date.
  • A site leaking its password database. This is the one case where the strength on this page matters: the attacker now has to crack the stored hash, and you can't control how the site hashed it. A long, un-guessable password means a leak doesn't expose it.

The strongest single move isn't a better password. It's to stop reusing them: a password manager, a unique random password per site, and 2FA wherever it's offered.

The short version
Use a password manager. It generates and remembers a unique random password for every account, which removes the strength-versus-memory tradeoff entirely.
Never reuse a password. Reuse is what actually gets people owned; one leak should not unlock everything you have.
Turn on two-factor authentication wherever it's offered. It protects you even when a password leaks.
Memorize only a few. Your device login and the manager's master password should be passphrases of six or more random words. The manager covers the rest.
Length and randomness beat "complexity rules". And you don't need to rotate a strong, unique password on a schedule; change it only if you have reason to think it leaked.
// How this estimate works
We estimate the cheapest way to guess your password: dictionary words and names (even disguised with l33t or capitals), keyboard walks, sequences, dates, repeats, and brute force for whatever's left. It's a heuristic in the spirit of zxcvbn and deliberately pessimistic, so treat it as an upper bound.
The "time to crack" assumes one specific scenario: a site leaked its password database, used a fast hash, and someone is brute-forcing yours. That's real, but as above it isn't the usual way passwords are lost. It's here to build intuition, not to score your safety.
When you generate a passphrase we know its entropy exactly (the dice are uniform); when you analyze one we can only estimate it, so the two numbers come out close but not identical. The word list is a large sample, not every word, so a rare word can read a little stronger than it is.
It all happens here, on your device. More on what we can and can't see is on How it works.