Uses smart guessing (dictionary + common patterns) when available and shows crack estimates across attacker models.
Prefer local zxcvbn.js to keep this fully offline.
Privacy: Local-only when zxcvbn.js is local
1) Test a password
Enter a password to evaluate.
Results shown: Score, Effective guesses, Model, Length, Character set, Estimator engine.
2) What we detected and how to improve
Detected issues
Smart guessing prioritizes dictionaries, common substitutions (a→@), dates/years, keyboard patterns, and repetition.
If zxcvbn.js is missing, this page falls back to simpler heuristics.
Recommendations
Best practice: unique passwords everywhere. Use a password manager for random strings, or use a long passphrase (4–6+ words).
Combine with MFA and strong rate limiting in enterprise environments.
Offline crack time varies massively with hash/KDF parameters, attacker hardware, and budget. Use these estimates as directional guidance.
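A sketch of the kind of simpler heuristic fallback and per-attacker-model crack estimate described above. This is an added example, not this page's code and not zxcvbn. The function names, the guess rates in `ATTACKER_MODELS`, the 10-bit penalty per detected pattern and the detection regexes are all assumptions chosen for illustration.

```javascript
// Added example: a simple fallback estimator, not zxcvbn and not this page's code.
// Guess rates (guesses/second) per attacker model are illustrative assumptions.
const ATTACKER_MODELS = {
  online_throttled: 100 / 3600, // rate limiting in place
  online_unthrottled: 10,
  offline_slow_kdf: 1e4,        // memory-hard or high-iteration KDF
  offline_fast_hash: 1e10,      // fast unsalted hash on GPU hardware
};
const PENALTY_BITS = 10; // assumed reduction per detected pattern

// Size of the character pool implied by the classes present in the password.
function charsetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33;
  return n;
}

// Rough checks for the pattern families smart guessing prioritizes.
function detectIssues(pw) {
  const issues = [];
  if (/(19|20)\d{2}/.test(pw)) issues.push("year");
  if (/(.)\1{2,}/.test(pw)) issues.push("repetition");
  if (/qwerty|asdf|zxcv|12345/i.test(pw)) issues.push("keyboard pattern");
  if (/[a-z][@0$!3][a-z]/i.test(pw)) issues.push("substitution");
  return issues;
}

// Brute-force bits minus a penalty per issue, then seconds per attacker model.
function estimate(pw) {
  const issues = detectIssues(pw);
  const bits = pw.length * Math.log2(charsetSize(pw) || 1);
  const effectiveBits = Math.max(0, bits - PENALTY_BITS * issues.length);
  const guesses = Math.pow(2, effectiveBits);
  const crackSeconds = {};
  for (const [model, rate] of Object.entries(ATTACKER_MODELS)) {
    crackSeconds[model] = guesses / 2 / rate; // average case: half the space
  }
  return { issues, guesses, crackSeconds };
}

console.log(estimate("Summer2024!"));
```

A heuristic like this overestimates dictionary-based passwords because it has no word list, which is why the page prefers zxcvbn.js when it is available.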