Evaluate Your Password

Password:
Visibility: Show Hide
Before Redundancy Score: 0
Redundancy: 0
Entropy: 0
Original Score: 0
Score: 0%
Leaked password: Start search on haveibeenpwned.com
Complexity: Too Short
  Type Description Minimum Count Bonus Penalty Rating
  T Basic Requirements          
  T Character Count*          
  T Recommended Character Count          
  T Lowercase Letters*          
  T Uppercase Letters*          
  T Number of Numerics*          
  T Number of Symbols*          
  T Number of Middle Numbers          
  T Number of Middle Symbols          
  B Sequential Letters          
  B Sequential Numbers          
  B Keyboard Patterns used          
  B Sequence was repeated          
  B Sequence was mirrored          
  B Year patterns found          

Legend

  This criteria failed. You should change your password to match it.
  Your password passed this criteria.
  The criteria is exceeded. Your password does well in this category.
  This color marks the recent criteria changes to inform you about the influence of your last modifications.
T This is a triple state criteria. It has the states Failed, Passed, and Exceeded.
B This is a binary state criteria. It has the states Failed and Passed. So it can be only violated.
* This is one of the basic requirements.

All criterias marked with * are basic requirements. A certain number if these requirements has to be met to get the bonus, otherwise a penalty is applied.

The character count is one of the most important factors of a password. The longer the better. A minimum length is required.

Sadly enough, not all systems support long passwords.

This criteria represents the recommended password length. So passing or exceeding this value gives the password an additional bonus. Besides that, you have additional confidence that your password is harder to crack.

Lowercase letters are one type of characters that should be used to increase to amount of possible characters in the password. You increase the "alphabet" size by using from a wide range of characters.

Uppercase letters are important to make your password as difficult as possible to break. Place the uppercase letters not only at the beginning but also at unexpected positions.

Numbers enhance the available alphabet and make your password harder. Try to avoid typical easy to guess numbers, such as years, birthdays, or common numbers like the famous 42.

Symbols are the main incredient of a good password. First of all the alphabet gets bigger, secondly you brake the common pattern of having a plain word. So, instead of "Hammer", you write "H*mme/" or even better "Ha@m-mer!".

Numbers at the end are really common, so we give your password an additional bonus when you put your numbers in the middle.

A lot of people use symbols to enhance their passwords, but they simply put the stuff at the end, so we honor symbols in the middle.

Many users tend to use easy to remember patterns, such as "abc" or "rst". So we try to avoid that and apply a penalty when we discover such a pattern.

Also easy to remember number combinations are evil when used in a password, because they are easy to guess. We will apply a penalty when we discover patterns, such as 012 or 789.

Just typing the keys that are close to each other on the keyboard is something easy to remember but also one of the first attack vectors for a password crack. We will penalize patterns from German and English keyboards.

A password becomes weak when it repeats the same patterns and phrases over and over again. For instance, "Tsae3-Tsae5" looks nice, but contains too much redundancy, so we apply a penalty.

The penalty is only applied, when the recommended password length is not reached.

Repeating a sequence in reverse order does not make the password stronger, so we make it a good practice to avoid that.

The penalty is only applied, when the recommended password length is not reached.

Including years such as your birthday or common events from the near past or future (e.g. 1910, 1972, 2042) just makes it easier to guess or break the password or password hash.

The penalty is always applied.

Check on HaveIBeenPwned.com if the password has been compromised in a data breach (hundred of millions leaked passwords database).

 

The password is NOT send on Internet while testing it. Technichal explainations on:

 

https://haveibeenpwned.com/API/v3

 

🔴 Present in leaked databases, don't use this one!

🟢 No database leaked with this password.