How to Properly Evaluate Password Strength

Creating a secure password shouldn't be an exercise in memorizing random characters. This tutorial will guide you on how to evaluate and improve your passwords using our Password Strength Checker.

Step 1: Input Evaluation

Navigate to the Password Strength tool. You will see a large, central input field. Note: As you type, notice that there is absolutely no network activity going from your browser to a server. Your keystrokes remain entirely local on your device.

Begin typing a password you currently use.

Step 2: Understanding the Score

Our tool breaks passwords down into a rating of 0 to 4.

• Score 0/1 (Red/Orange): This password is in active dictionaries or uses terrible substitution patterns. It will likely be cracked in seconds.
• Score 2 (Yellow): Fair, but vulnerable to un-throttled guessing.
• Score 3 (Blue): Good. Offers solid resistance against typical offline attacks.
• Score 4 (Green): Strong. Mathematically unfeasible to crack within a human lifetime using current technology.

Aim for a 3 or 4 for critical accounts (Banking, Email, File Storage).

Step 3: Crack Time Context

Look at the Estimated Time to Crack panel. The tool shows three vectors:

• Offline (Fast Hashing): This represents a massive GPU cluster attempting to crack stolen, weakly-hashed password databases.
• Online: This estimates an attack made against a live website login page that limits the attacker to 10 guesses per second.

If your "Offline" estimate is under a hundred years, consider padding it.

Step 4: Iterative Improvement

If your score is low, read the Feedback Insights panel. The algorithm will tell you specifically what is wrong. It might say "This is a top 100 common password" or suggest adding un-related words. Keep adding words or characters until you hit that coveted 4/4 score!