Password Strength Calculator

Password strength measures how resistant a password is to guessing attacks, combining both entropy (randomness) and pattern analysis. This calculator scores your password from 0 to 100 by evaluating its length, character variety, and the presence of predictable patterns such as repeated characters, sequential runs, or common substitutions. A score above 70 indicates a strong password; below 40 indicates a weak one that should be replaced. The analysis runs entirely in your browser so your password never leaves your device. Use this tool alongside your organization's password policy to ensure credentials meet modern security requirements aligned with NIST Special Publication 800-63B, which is the primary US federal standard for digital identity authentication.

Scoring methodology

Score = length_score + variety_score - pattern_penalty
length_score = min(L * 4, 40)
variety_score = (hasLower + hasUpper + hasDigit + hasSymbol) * 10
pattern_penalty = repeated_chars * 2 + sequential_runs * 3

The final score is clamped to the range 0 to 100. Scores of 70 or above are considered strong by this rubric.
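The rubric above, written out as an added JavaScript example (it is not the calculator's own code). The page does not say how repeated_chars and sequential_runs are counted, so the counting rules, the symbol class, and the function names below are assumptions.

```javascript
// Added example: the page's rubric with assumed pattern-counting rules.

// Assumption: a "repeated char" is any character equal to the one before it.
function countRepeatedChars(pw) {
  let n = 0;
  for (let i = 1; i < pw.length; i++) {
    if (pw[i] === pw[i - 1]) n++;
  }
  return n;
}

// Assumption: a "sequential run" is a maximal stretch of 3+ characters whose
// code units step by +1 or by -1 throughout (e.g. "abc", "321").
function countSequentialRuns(pw, minLen = 3) {
  let runs = 0;
  let i = 0;
  while (i < pw.length - 1) {
    const step = pw.charCodeAt(i + 1) - pw.charCodeAt(i);
    if (step !== 1 && step !== -1) { i++; continue; }
    let j = i + 1;
    while (j < pw.length - 1 && pw.charCodeAt(j + 1) - pw.charCodeAt(j) === step) j++;
    if (j - i + 1 >= minLen) runs++;
    i = j; // the run's last character may begin a run in the other direction
  }
  return runs;
}

function scorePassword(pw) {
  const lengthScore = Math.min(pw.length * 4, 40);
  // Assumption: "symbol" means anything that is not an ASCII letter or digit.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/];
  const varietyScore = classes.filter((re) => re.test(pw)).length * 10;
  const penalty = countRepeatedChars(pw) * 2 + countSequentialRuns(pw) * 3;
  // Clamp to 0..100 as the methodology states.
  const score = Math.max(0, Math.min(100, lengthScore + varietyScore - penalty));
  return { score, lengthScore, varietyScore, penalty };
}

// Constructed sample inputs, not real credentials.
for (const pw of ["aaaaaa", "123456789", "Password123!", "kT7#qZ2!mW9$xR4&"]) {
  console.log(pw.padEnd(18), scorePassword(pw));
}
```

Under these assumptions the constructed sample "Password123!" scores 75, so a predictable password can still pass the rubric; the breached-list check in the NIST recommendations is a separate control, not something this score replaces.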

NIST password recommendations

  • Minimum 8 characters; 15 or more characters recommended for sensitive accounts.
  • Check passwords against known breached password lists.
  • Do not require periodic resets unless compromise is suspected.
  • Allow all printable ASCII characters and spaces.
  • Do not use complexity rules that force predictable substitutions like "p@ssw0rd".

Frequently asked questions

What makes a password strong?

A strong password combines length (at least 12 characters), character variety (uppercase, lowercase, digits, symbols), avoidance of dictionary words and common patterns, and uniqueness across accounts. NIST SP 800-63B now emphasizes length over arbitrary complexity rules.

How is the password score calculated?

The score starts at 0, adds points for each character (up to a maximum length bonus) and for character variety (lowercase, uppercase, digits, and symbols each add points), and subtracts points for detected patterns such as repeated characters, sequential runs, or common keyboard walks.

Is my password sent anywhere?

No. The calculator runs entirely in your browser. Your password text never leaves your device and is never stored, logged, or transmitted to any server.

Why do some long passwords score lower than expected?

Passwords that use long repeated patterns (e.g., aaaaaa or 123456789) score lower because the predictable structure dramatically reduces the effective search space for an attacker. True randomness across character types gives the highest score.

Should I use a passphrase instead of a random password?

Passphrases (multiple random words joined together) can achieve high entropy scores and are often easier to remember. A four-word random passphrase can exceed 50 bits of entropy. Either approach works well if the length is sufficient and the words are chosen randomly.

Reviewed by the CalculatorHub team, edited by James Graham, 14 June 2026. See our methodology.