Password Strength Analyzer
See how long it would take to crack your password. Get specific feedback on patterns, weaknesses, and improvements.
Your password never leaves your browser
How this works
- Analysis runs entirely in your browser using the zxcvbn library by Dropbox
- Your password is never sent to any server — check the network tab in DevTools to verify
- Breach checking uses the Have I Been Pwned k-anonymity API — only the first 5 characters of the SHA-1 hash are sent, never the full password
- Crack time estimates assume a determined attacker with modern hardware
This is 1 of 6 checks in the full Privacy Audit
Password strength is one factor. The full audit also checks your browser fingerprint, website trackers, email security, WHOIS exposure, and builds a personalized threat model. Run all 6 checks at once and get a prioritized action plan with one-click fixes.