Comparitech Logo

Test my password strength

Note: Password data will not be stored on a server and is only processed in the browser

    Strong passwords should be long and complex. Use the entire keyboard, incorporating numbers, symbols (!£$%^&#@), and both lowercase and uppercase letters. The longer, the better. A minimum of eight characters is recommended. Do not use personal information like a dog’s name or graduation year. Do not make your password identical to your username or email.
    All of your passwords should be different so that if one is leaked to a hacker, it can’t be used across all of your accounts. Passwords should also be regularly changed. Companies might not inform users of data breaches, and leaked passwords might not be used for long periods of time by hackers. Memorizing all of your newest passwords can be difficult, so we recommend the user of a password manager. A password manager stores all of your accounts’ passwords into a single app or browser extension and can input them automatically when you log in. You only need remember a single master password to access them.
    Weak passwords can allow intruders into your account. They can hijack email and social media accounts and use them as spam bots. They can steal private information, possibly leading to identity theft. Passwords that aren’t long and complex are vulnerable to “brute force” attacks, which guess every possible combination of characters until they happen across the correct one. Typically, they try combinations of lowercase characters first. Passwords that contain personal info (birth year, favorite sports team) are easier for hackers to guess.

    While this tools identifies many of the most common passwords, it cannot account for for all passwords and the wide range of tools hackers can use to crack them. Using predictable sequences of characters or other non-random sequences will make a password significantly more easy to break and not every such sequence will be picked up by this tool. It is designed for educational purposes only and we cannot guarantee its accuracy.

    As an example, advanced password crackers can predict punctuation and capitalization patterns that are not tested for here. Avoid using predictable alterations of dictionary words, for instance, substituting 4 for A or $ for S. These patterns are reflected in the increasingly sophisticated rulesets, dictionaries, and combinations used by modern hackers, as well as the growing number of leaked and cracked password lists.