Password Strength Checker

Check how strong your password is and estimate how long it would take to crack. Get instant tips to make it stronger.


A password is only as strong as the number of possible combinations an attacker must try before guessing it correctly — and that number is determined by two variables: the length of the password and the size of the character set it draws from. An 8-character password using only lowercase letters has 26⁸ ≈ 200 billion possible combinations — which sounds impressive until you learn that modern GPU-accelerated brute-force tools can test over 100 billion combinations per second, cracking such a password in under 2 seconds. Add uppercase letters, numbers and symbols and extend to 12 characters, and the combination count explodes to 95¹² ≈ 540 quintillion — requiring hundreds of thousands of years at the same attack rate. Our password strength checker calculates this precisely: it estimates the character set, calculates entropy in bits, and translates the result into a realistic crack-time estimate using modern attack benchmarks — giving you a clear, honest picture of exactly how protected you actually are.

Understanding password strength goes hand-in-hand with generating strong passwords. Our Secure Password Generator creates cryptographically random passwords of any length and complexity — with precise control over which character sets to include. After generating a password there, paste it here to see its entropy score, estimated crack time and a full security checklist. The two tools together form a complete password security workflow: generate, verify, and deploy with confidence.

For developers working with authentication systems, it is worth noting that passwords are rarely stored in plain text — they are hashed, and often the hash itself is stored as a Base64-encoded string. Our Base64 Encoder/Decoder can help you inspect or verify these encoded credential strings — an essential skill for anyone building or auditing authentication systems and security infrastructure.

What is password entropy and why does it matter?

Password entropy is measured in bits and quantifies the unpredictability of a password. It is calculated as: entropy = length × log₂(charset size). An 8-character lowercase-only password has a charset of 26, yielding 8 × 4.7 = 37.6 bits of entropy. Adding uppercase letters (charset 52) raises it to 45.6 bits; adding digits (charset 62) to 47.6 bits; adding symbols (charset 94) to 52.4 bits. Security experts generally recommend a minimum of 80 bits of entropy for sensitive accounts — achievable with a 14-character password using mixed character types. Every additional character multiplies security exponentially, not linearly.

Brute force vs dictionary attacks: how passwords are actually cracked

Modern GPU-accelerated cracking tools such as Hashcat can test over 100 billion password guesses per second against MD5 hashes — meaning an 8-character password with only lowercase letters can be cracked in under 2 seconds. Dictionary attacks are even faster: they test millions of common passwords, names and phrases first. NIST SP 800-63B (2017) now recommends prioritising length over complexity — a 16-character passphrase like "coffee-mountain-river-27" is far more secure and memorable than "C0ff33!m@" despite being easier to type. Generate strong passwords with our Password Generator, then verify their strength here.
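
The entropy formula and the attack rate quoted above, as an added JavaScript example (not this site's own code): it estimates the charset from the character classes present, computes entropy and an average crack time, and overrides the score when the password is a common word with decoration, which is what a dictionary attack tries first. The wordlist, the substitution table, the reading of the 40/60/80-bit scale and the average-case (half the keyspace) timing are assumptions made for the example.

```javascript
// Added example, not this site's code. RATE is the page's 100 billion guesses/s;
// COMMON is a tiny constructed stand-in for a real cracking wordlist.
const RATE = 100e9;
const COMMON = new Set(["password", "qwerty", "letmein", "dragon", "welcome"]);
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Pool sizes behind the page's 26 / 52 / 62 / 94 figures.
const CLASSES = [
  [/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^a-zA-Z0-9]/, 32],
];

function charsetSize(pw) {
  return CLASSES.reduce((n, [re, size]) => n + (re.test(pw) ? size : 0), 0);
}

// entropy = length × log2(charset size); valid only for randomly chosen characters.
function entropyBits(pw) {
  const size = charsetSize(pw);
  return size ? pw.length * Math.log2(size) : 0;
}

// Assumption: report the average case, i.e. half the keyspace searched.
function averageCrackSeconds(pw) {
  return Math.pow(charsetSize(pw), pw.length) / 2 / RATE;
}

// Dictionary attacks try "word + decoration" first: drop trailing digits and
// symbols, undo common substitutions, then look the stem up in the wordlist.
function isDecoratedCommonWord(pw) {
  const stem = pw.replace(/[^a-zA-Z]+$/, "").toLowerCase();
  const plain = stem.replace(/[013457@$]/g, (ch) => LEET[ch]);
  return COMMON.has(plain);
}

function assess(pw) {
  const bits = Math.round(entropyBits(pw) * 10) / 10;
  const dictionary = isDecoratedCommonWord(pw);
  // Page's scale, read as: under 60 weak, 60 to 79 moderate, 80+ strong.
  let rating = bits >= 80 ? "strong" : bits >= 60 ? "moderate" : "weak";
  if (dictionary) rating = "weak"; // the formula's figure is only an upper bound
  return { bits, dictionary, rating, seconds: averageCrackSeconds(pw) };
}
```

`assess("P@ssw0rd2024!")` scores 85.2 bits by the formula yet is rated weak because its stem is in the wordlist, while `assess("coffee-mountain-river-27")` is not flagged and stays strong.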

Frequently Asked Questions

What makes a password strong?
Length is the most important factor. A 16-character random password is far stronger than an 8-character "complex" one. Use: 12+ characters, a mix of uppercase, lowercase, numbers and symbols, no dictionary words, and a unique password for every site.
How long does it take to crack a password?
Modern GPU tools test 100+ billion guesses/second. An 8-character lowercase password: under 2 seconds. An 8-character mixed password: hours to days. A 12-character mixed password: hundreds of years. A 16-character mixed password: billions of years.
Does this password checker store or send my password?
Absolutely not. The strength analysis runs entirely in your browser — your password never leaves your device and is never sent to any server. You can even disconnect from the internet and it still works.
What is password entropy?
Entropy (measured in bits) quantifies password unpredictability. Formula: entropy = length × log₂(charset size). Higher bits = more guesses needed = stronger password. 40 bits = weak; 60 bits = moderate; 80+ bits = strong. Our checker calculates this precisely.
What is two-factor authentication and should I use it?
2FA requires a second verification step beyond your password — usually a code from an authenticator app (Google Authenticator, Authy) or SMS. Even if your password is stolen, 2FA blocks attackers. Yes, use it on all accounts that support it, especially email and banking.