Free tool

Password strength checker

See how strong a password really is — and why. Everything runs in your browser; nothing is sent, stored, or logged.

Awaiting input
  • At least 12 characters
  • 16+ characters (recommended)
  • Mix of upper, lower, digits & symbols
  • Not a common or breached password
  • No obvious patterns or repetition
  • Not based on a single dictionary word

Analysed entirely in your browser. Your password is never sent, stored, or logged. As good practice, test a password similar to — not identical to — one you actively use.

Need a stronger password? Create a strong, random one with our free password generator.

How password strength is measured

Real strength is not about ticking boxes like "has a capital letter." It comes down to how many guesses an attacker would need. This checker estimates that by looking at length, character variety, and — crucially — whether your password contains predictable elements: common passwords, dictionary words, keyboard runs like "qwerty", repeated characters, or dates. A long password built from a predictable pattern can be far weaker than it looks.

Why "P@ssw0rd1" is weak

It looks complex — uppercase, a symbol, a number — but every substitution in it is one attackers expect. Password-cracking tools try these transformations automatically, so a "complex" password built on a common word offers little real protection. Length and genuine randomness beat clever-looking substitutions every time.

What to do with a weak password

If a password you rely on scores poorly here, replace it with a long, random one and store it in a password manager. You can generate a strong replacement with our free generator, then keep each account on its own unique password so a single breach can never cascade.

Open the password generator

For organisations

Password hygiene is one small part of a security programme. GICCT trains teams in the practices that protect whole organisations.

Explore our courses