wyreup
inspect

Password Strength

Estimate password entropy in bits, classify character mix, and flag passwords from a small common-passwords list. Nothing leaves your device.

Loading…

About Password Strength

Password Strength estimates how hard a password is to guess by calculating its entropy in bits, describing its character mix, and checking it against a small list of well-known weak passwords. Reach for it when you want a sanity check on a password you just made up or one a policy is asking you to reuse. The check runs entirely in your browser, so nothing you type is ever sent anywhere.

Category
inspect
Input
Accepts: */*.
Output
Outputs: application/json.
Cost
Free, runs in your browser
Memory
low
Privacy: Password Strength runs entirely on your device. Files you provide never leave your browser — no uploads, no server, no tracking. The page works offline once loaded.

Common uses

  • Sanity-check a passphrase you invented before saving it to a password manager
  • See whether adding length or symbols actually raises the entropy or just feels safer
  • Catch that 'password123' or another top-list entry slipped into your draft credentials
  • Compare two candidate passwords side by side to pick the stronger one
  • Explain to a non-technical teammate why a short all-lowercase password is weak, using the bit count
  • Audit a legacy password before deciding whether it needs rotating

Frequently asked questions

Does this tool send my password anywhere?

No. The entropy math and the common-password lookup both run locally in your browser. Your password never leaves your device.

What does the entropy number in bits mean?

It is an estimate of how many guesses an attacker would need, expressed as a power of two. More bits means exponentially more guesses, so 60 bits is far stronger than 40.

What output do I get?

A JSON result with the estimated entropy in bits, a breakdown of which character classes you used (lowercase, uppercase, digits, symbols), and a flag if the password matches a known-weak entry.

Why was my long password still flagged as weak?

Length alone is not enough. If the password appears in the common-passwords list, or uses only one character class, the entropy stays low regardless of length.

Is the common-passwords list exhaustive?

No, it is a small curated list meant to catch obvious offenders. A clean result is not proof the password is uncracked, only that it is not on the list.

Keywords

  • password
  • strength
  • entropy
  • security
  • check
  • weak
  • strong
  • audit

Try next

Password Generator
create

Once you know what weak looks like, generate a high-entropy password instead of guessing.
Hash
inspect

Hash a password or file to compare digests without exposing the original value.
TOTP Code
inspect

Pair a strong password with a second factor by generating the matching TOTP code.
Color Palette
inspect

Extract dominant colors from an image as hex codes.
Image Diff
inspect

Pixel-level diff between two images of the same dimensions.
Image Info
inspect

Extract dimensions, format, and metadata from an image.
PDF Info
inspect

Extract page count and metadata from a PDF.
Hash
inspect

Compute SHA-256, SHA-1, or SHA-512 hashes of files.
JSON Formatter
inspect

Parse and pretty-print JSON with configurable indentation.
Extract PDF Tables
export

Extract tabular data from a PDF as JSON or CSV. Works well for simple tables with aligned columns and no merged cells. Complex tables, rotated text, and scanned PDFs (images) will not extract cleanly.
Topic Keywords
text

Pull the topic-bearing nouns and noun phrases out of any text. Answers "what is this about" — not "what words appear most" (try Text Frequency for that). Runs entirely in your browser.