Password Strength Checker — Instant Feedback & Crack Time

How Password Strength Is Measured

This checker evaluates passwords against eight criteria based on NIST 800-63B guidelines and general security research. The crack time estimate assumes an attacker running 10 billion guesses per second — achievable with modern GPU cracking rigs and leaked hash databases.

NIST password guidelines (SP 800-63B)

Minimum 8 characters; 15+ characters strongly recommended for sensitive accounts
Allow all printable ASCII characters and spaces
Check against lists of known-compromised passwords (e.g., HaveIBeenPwned)
Do not force regular password changes unless there is evidence of compromise
Do not require composition rules (mix of upper/lower/digits) — length matters more

Estimated crack time reference

Password type	Example	Crack time (10B/sec)
Common word	`password`	Instantly (in dictionary)
Short with symbols	`P@ss1`	Seconds
Random 8 chars	`xK9!mQ2r`	Minutes to hours
Random 12 chars (mixed)	`7gT#kLpR2mNw`	Months
Random 16 chars (mixed)	`qZ8!vN3mXp1@LdKr`	Centuries
4-word passphrase	`correct horse battery staple`	Thousands of years