Is my password sent anywhere?

No. Unlike most tools on this site, this one deliberately does not sync to the URL and uses no storage. All entropy analysis and crack-time math run in JavaScript on your device. Nothing about your password leaves the input box.

Why show multiple crack-time scenarios?

A single number is misleading. The same password resists a throttled online login (~100 guesses/second) for far longer than an offline attacker with a GPU running billions of guesses/second against a fast hash. Seeing all four scenarios reflects real-world risk far better.

How is the strength score calculated?

We estimate raw entropy from length and character-set size, then subtract penalty bits for detected patterns (common words, sequences, keyboard runs, repeats, dates). The resulting bit estimate maps to a 0–4 score, similar in spirit to Dropbox's zxcvbn.

Password Crack Time Estimator

Estimate how long your password takes to crack under 4 attacker scenarios, with zxcvbn-style pattern detection and a local passphrase generator. Nothing is uploaded.

By AbraCalc Editorial Team · Reviewed by AbraCalc Methodology Review · Last reviewed: 2026-06-25

Embed this tool on your site

<iframe src="https://abracalc.com/app/password-crack-time/embed.html" width="360" height="340" style="border:1px solid #e4e7ec;border-radius:12px" loading="lazy"></iframe>

How to use this tool

Type your password — use the Show button to reveal it if you want.
Watch the score, entropy, and detected weaknesses update live.
Compare the estimated crack time across the four attacker scenarios.
Click Suggest a strong passphrase to generate a secure one locally.

password-crack-time goes beyond a colored strength bar. It estimates entropy with a lightweight, zxcvbn-style pattern detector implemented from scratch: it penalizes dictionary words, ascending/descending sequences (abc, 123), keyboard runs (qwerty), repeated characters, embedded dates and years, and common leetspeak substitutions. Then it shows how long the password would survive under four realistic attacker scenarios — from a throttled online login to an offline GPU cracking a fast hash — plus a 0–4 score and concrete advice.

One click generates a strong, memorable passphrase locally using your browser's cryptographically secure random generator. This tool is for anyone who wants to know whether their password is actually safe.

Privacy by design: your password is never stored, never sent over the network, and never placed in the URL. Every calculation happens on your device.

Frequently asked questions

Is my password sent anywhere?: No. Unlike most tools on this site, this one deliberately does not sync to the URL and uses no storage. All entropy analysis and crack-time math run in JavaScript on your device. Nothing about your password leaves the input box.
Why show multiple crack-time scenarios?: A single number is misleading. The same password resists a throttled online login (~100 guesses/second) for far longer than an offline attacker with a GPU running billions of guesses/second against a fast hash. Seeing all four scenarios reflects real-world risk far better.
How is the strength score calculated?: We estimate raw entropy from length and character-set size, then subtract penalty bits for detected patterns (common words, sequences, keyboard runs, repeats, dates). The resulting bit estimate maps to a 0–4 score, similar in spirit to Dropbox's zxcvbn.

Password Crack Time Estimator

How to use this tool

Frequently asked questions

References & sources

Related tools