Most people think a password is strong if it is long and has some symbols. But password strength is about entropy — the mathematical unpredictability of the password. Here is what actually gets measured and how to test any password.
What a Password Strength Checker Measures
- Character set size — Lowercase only (26 chars) vs mixed case + numbers + symbols (95 chars). Larger character sets multiply possible combinations exponentially.
- Length — Each extra character raises the number of possible combinations by the character set size. Going from 12 to 16 characters multiplies difficulty by ~81 million.
- Pattern detection — Dictionary words, names, dates, keyboard walks (qwerty, 123456), and common substitutions (@ for a, 3 for e) dramatically reduce actual strength.
- Entropy in bits — The information-theoretic measure of unpredictability. 128+ bits is considered uncrackable with current technology.
How to Test Your Password Strength
Use Anonymiz Password Strength Checker — enter any password and see its entropy score, estimated crack time at modern GPU speeds, character analysis, and specific suggestions. Runs entirely in your browser — your password is never transmitted.
What Makes a Password Actually Strong
- At least 16 characters.
- Random — not a word, phrase, or predictable pattern.
- Mixed case, numbers, and symbols.
- Unique — not used on any other account.
Crack Time Reference
- 8 chars, lowercase: cracked in under 1 hour on a GPU
- 10 chars, mixed case + numbers: a few days
- 14 chars, full character set: thousands of years
- 20 chars, random full set: longer than the age of the universe
If Your Password Is Weak
Generate a strong replacement immediately with Anonymiz Password Generator. Use a password manager (Bitwarden is free and open-source) to store it securely.
