Password Strength Checker

Entropy measures the randomness in a password, expressed in bits. Higher entropy means more possible combinations an attacker must try. A password with 40 bits of entropy has 2^40 (about 1 trillion) possible combinations. Generally, 60+ bits is considered strong and 80+ bits is very strong.

Crack time estimates assume an attacker making 10 billion guesses per second, which represents a powerful GPU-based attack. The calculation divides the total number of possible combinations (2^entropy) by this rate. Real-world times may be shorter if the password uses common patterns or dictionary words.

Attackers try common passwords and patterns first before brute-forcing. A password containing "password", "123456", or keyboard walks like "qwerty" will be attempted early in any real attack. Pattern detection helps identify passwords that look complex but are actually predictable.

Generally yes. A 20-character lowercase passphrase has more entropy than an 8-character password with mixed symbols. Length contributes more to entropy than character variety. Four random words (like "correct horse battery staple") can be both strong and memorable.