Calculator
The page keeps a single-column content flow. Only the form fields use a responsive grid: three columns on large screens, two on medium screens, and one on mobile.
Example Data Table
These examples show how the calculator interprets length, variety, entropy, and penalties. Scores are illustrative and follow the same formula used on this page.
| Sample Password | Length | Entropy Bits | Score | Rating | Observation |
|---|---|---|---|---|---|
| 12345678 | 8 | 26.58 | 6 | Very Weak | Numeric only and highly predictable. |
| Summer2026 | 10 | 59.54 | 47 | Weak | Mixed classes, but seasonal patterns reduce trust. |
| Cloud!River92 | 13 | 85.16 | 78 | Strong | Solid length, variety, and better uniqueness. |
| aaaaBBBB1111!! | 14 | 91.72 | 42 | Weak | Heavy repetition triggers significant penalties. |
| Zebra^Lamp7!Mint | 17 | 111.36 | 92 | Excellent | Long, varied, and less pattern-driven. |
Formula Used
Score formula
Score = clamp(Length Points + Variety Points + Entropy Points + Uniqueness Points + Policy Bonus − All Penalties, 0, 100)
- Length Points:
min(35, length × 2.2) - Variety Points:
character classes × 8 - Entropy Points:
min(20, entropy_bits ÷ 4) - Uniqueness Points:
unique_ratio × 10 - Policy Bonus:
+5when length meets the selected minimum. - Entropy estimate:
length × log2(character pool size) - Penalties: repeated runs, sequences, keyboard walks, common fragments, personal terms, short length, missing classes, and low uniqueness.
Rating bands
- 0–29: Very Weak
- 30–49: Weak
- 50–69: Moderate
- 70–84: Strong
- 85–100: Excellent
How to Use This Calculator
- Enter a password sample in the password field.
- Set the minimum policy length for your environment.
- Choose a target protection profile to compare against a recommended score.
- Select the attack model speed that best matches your risk assumption.
- Add personal terms you want the calculator to flag.
- Optionally require all four core character classes.
- Click Calculate Score to show the result above the form.
- Use the CSV or PDF buttons to export the masked analysis summary.
FAQs
1. Does a higher score always mean a safe password?
No. A higher score helps, but uniqueness still matters. Reusing a strong-looking password across sites creates major risk if another service is breached.
2. Why does repetition lower the score so much?
Repeated characters shrink practical unpredictability. Attackers often exploit repeated runs because they reduce the search space and make pattern guesses cheaper.
3. What is entropy in this calculator?
Entropy estimates how many bits of uncertainty a password may offer based on length and detected character pool size. It is a useful estimate, not a guarantee.
4. Why are keyboard patterns penalized?
Patterns like qwe, asd, or 123 are common in real passwords. Attack tools test them early because humans often create memorable physical sequences.
5. Should I test my real production password here?
Use caution. Any web form can introduce exposure risk. Testing representative samples or using a local environment is safer than entering live credentials.
6. What target score should administrators use?
Privileged and highly sensitive accounts should aim much higher than ordinary accounts. Longer passphrases, better uniqueness, and password manager support are recommended.
7. Why include personal keywords in the analysis?
Names, company terms, sports teams, or birthdays often appear in targeted attacks. Removing personally linked words makes guessing harder and reduces targeted exposure.
8. Is length more important than symbols?
Usually, yes. Extra length often improves resistance more reliably than adding a few symbols to a short, predictable password. The best results combine both.