Password Strength Checker

Analyze a password locally: 0–100 score and tier (Very Weak → Very Strong), checklist for length, character classes, weak-list match, and simple pattern regex (123, abc, password, etc.), actionable suggestions, rough crack-time estimate assuming ~1B guesses/sec and naive charset size — optional show/hide. Nothing is uploaded.

passwordsecurity

Category: Data & Text Processing

Password

Very Weak20 / 100

Estimated crack time (rough, ~1B guesses/sec): —

Criteria

At least 8 characters
At least 12 characters
Contains uppercase letter
Contains lowercase letter
Contains number
Contains special character
No common patterns (123, abc, password, qwerty)
Not a top weak password

Suggestions

Use at least 8 characters.
Aim for 12+ characters for better security.
Add uppercase letters.
Add lowercase letters.
Add numbers.
Add special characters (!@#$…).

What this strength checker does

Type a password to see a quick health report: a 0–100 score mapped to tiers from Very Weak to Very Strong, a checklist of common policy items (at least 8 and optionally 12 characters, uppercase, lowercase, digit, symbol, absence of trivial keyboard patterns, and not matching a small built-in list of famously weak passwords), and a short suggestion list for anything that failed. A separate line estimates how long an idealized offline brute-force attacker might need if they could try about one billion random guesses per second against your character set — that number is educational only.

How the score is computed

Points are awarded for length bands, each character class present, and for avoiding the weak list and a regular-expression test for substrings like 123, abc, qwe, password, or asdf. The total is capped at 100 and drives both the tier label and the progress bar color. This is a heuristic model, not machine learning and not a breach-database lookup.

Crack time estimate

The tool guesses an alphabet size from what character classes appear (lowercase, uppercase, digits, symbols with a fixed symbol-size assumption), raises that to the power of the password length, and divides by 1e9 attempts per second to produce a human-readable duration. Real attackers use dictionaries, rules, GPU clusters, and stolen hashes — treat the estimate as an order-of-magnitude illustration, not a guarantee.

Privacy

Analysis runs entirely in your browser tab. Your password is not transmitted to Dynamic Duniya. Avoid typing real production secrets on shared or recorded screens even when processing is local.

Frequently Asked Questions

Does this query Have I Been Pwned or a leak database?

No. It only uses local rules, a short static weak-password list, and a simple pattern test. For breach reuse checks, use your password manager or a dedicated API with k-anonymity.

Why is my long password still “Fair”?

Length alone does not max the score; missing character classes, pattern hits, or weak-list matches reduce points. Follow the checklist and suggestions.

Is the crack time realistic for web logins?

No. Online logins are rate-limited and monitored. The estimate models offline guessing against a stolen hash with idealized math — useful for intuition, not for compliance sign-off.

Can I hide the password while typing?

Yes. Use the eye toggle next to the field to switch between masked and visible text.

Is the Password Strength Checker free?

Yes. No signup is required.

Tips

Quick guidance for using our tools safely and effectively.

Privacy

Files are processed on the server for conversion only and are not used for training or shared with third parties.

Best results

Use the formats suggested in each tool. Large media files may take longer — keep the tab open until processing finishes.

Need something else?

Browse related tools below or explore other categories from the main Dev Tools hub.

Related tools

More utilities in the same category.

CSV ↔ JSON Converter

New

Switch CSV → JSON or JSON → CSV. RFC 4180–style CSV parsing (quoted fields, doubled quotes), delimiter choice for import (comma, semicolon, tab, pipe), optional header row or col1… keys, pretty or minified JSON, stats after convert. JSON → CSV needs a non-empty array of objects; union of keys becomes columns; output CSV uses commas. Upload .csv/.json, load examples, copy, or download output.json / output.csv — all client-side.

csvjson+1

List Delimiter & Formatter

New

Paste a spreadsheet column or any list: explode on newlines, whitespace, commas, or semicolons; trim and filter empty cells; optionally dedupe. Join records with comma, semicolon, pipe, space, or newline; wrap each value in single or double quotes (escaped); optional per-record HTML/XML tags; optional groups of N with wrap tags; tidy mode strips newlines from the final string. Live preview, copy, select-all — all client-side.

delimitercomma+3

JSON ↔ YAML Converter

New

Convert JSON to YAML or YAML to JSON in the browser with js-yaml: JSON.parse + YAML dump (2-space indent, 120-char wrap) or yaml.load + pretty JSON (2-space indent). Debounced live conversion as you type, line numbers on both sides, Convert now, copy, and download output.yaml / output.json.

jsonyaml+1

JSON Visual Editor

New

Paste or upload JSON and edit it with an auto-generated form — add array items, update fields, download valid JSON. No coding required; runs entirely in your browser.

jsoneditor+5

XML ↔ JSON Converter

New

Convert XML to JSON or JSON to XML in the browser with fast-xml-parser: attributes map to configurable-prefixed keys (default @), trimmed text nodes, optional compact output, optional UTF-8 XML declaration on JSON→XML, and a root wrapper for bare arrays or scalars. Convert on demand, character/node estimate, copy, download output.json / output.xml.

xmljson+1

CSV to XML Converter

New

Paste or upload CSV up to 5 MB with auto or fixed delimiters (comma, semicolon, tab, pipe), optional header row and cell trim, then build XML with your root and row tag names, child elements or row attributes, XML declaration toggle, and 2- or 4-space indent. Preview with basic syntax coloring or raw textarea, DOMParser validity check, character and line counts, copy, and download as a basename-converted.xml file—all in the browser.

csvxml+4