Skip to content
HG

Password Crack-Time Estimator

Type a password and see how long an attacker would need to crack it — analysed locally in your browser, so it never leaves this page.

Runs entirely in your browser. Nothing is uploaded.

Analysed locally with zxcvbn — nothing you type leaves this page. Check the network tab if you like.

Share this tool

Most password meters just count characters. This one thinks like an attacker: it recognises dictionary words, keyboard walks like qwerty, dates, names, and l33t-speak substitutions, then estimates how many guesses a real cracking rig would need.

The headline number assumes the worst realistic case an attacker with a stolen password database and a slow hash. If a breached site stored passwords carelessly, the fast-hash scenario applies instead — billions of guesses per second. The lesson is always the same: length beats cleverness, and a password manager beats memory.

Frequently asked questions

Is it safe to type my real password here?

Yes. The analysis runs entirely in your browser using the open-source zxcvbn library — your password is never transmitted, logged, or stored, and you can verify that in your browser's network tab. If you'd still rather not, test a password with the same structure and length instead.

How is the crack time calculated?

We use zxcvbn, the estimator developed at Dropbox. It doesn't just count characters — it recognises dictionary words, names, dates, keyboard walks, and common substitutions, then estimates the guesses needed and divides by realistic attacker speeds, from a rate-limited website (100 guesses per hour) to an offline attack on a leaked database (10 billion per second).

Why does the time vary so much between scenarios?

It depends on how a service stores your password. If it's hashed with a slow algorithm like bcrypt, attackers manage thousands of guesses per second. If a site stored it with a fast hash like MD5 — or in plain text — the same password falls billions of times faster. You can't control that, which is why a password that survives the worst case is the goal.

My password scored badly. What should I do?

Make it longer — length beats complexity. A four-word random passphrase or a 16+ character generated password beats any clever 8-character substitution. Use our free Password Generator to create one, never reuse passwords across accounts, and turn on two-factor authentication where offered.

More free tools

Privacy

Metadata Viewer

See hidden data in your photos and PDFs: GPS location, camera info, author details.

Security

Password Generator

Generate strong, random passwords with customisable rules. Created locally, never sent anywhere.

Design

Contrast Checker

Test colour combinations against WCAG accessibility standards in real time.

Get new tools first

One email when a new tool ships. No spam, unsubscribe any time.

Need this built into your product?

HG Studio builds custom tools, automations, and web apps. Let's talk.

Work with HG Studio