Test Your Passwords

How strong are your passwords really? This page is here to help you find out. By understanding how attackers attempt to break passwords and using your knowledge from the previous pages on what makes a good password, you can tailor your habits to make yourself an undesirable target.

So, how do attackers actually “crack” passwords? It depends on the method. The most basic one is called a brute-force attack, where a computer tries every possible combination until it gets lucky. Short passwords are easy prey because there just aren’t that many possibilities, and longer passwords can take some serious computing time to crack. Then there are dictionary attacks, where hackers use massive lists of common words and passwords (like “password”, “abc123”, “football”, or “123456”) to speed things up. There’s also credential stuffing, which doesn’t even bother guessing. It reuses stolen passwords from previous data breaches to see if people have recycled them elsewhere.

What makes all this scary is how fast technology is advancing. A single high-end graphics card can test billions of passwords per second.¹ That means an 8 character password might be cracked in minutes, while a 12 character password made of random words could take years. When you see that difference on the password strength tester, it’s eye opening. Luckily, you don’t have to memorize dozens strings of gibberish to be safe, you just have to understand the logic behind what makes passwords strong.

It’s also worth busting a few password myths. For instance, changing your password every 30 days doesn’t automatically make you safer. People actually tend to reuse old patterns when forced to do that which makes the change much less effective.² Adding a single number at the end “Password1” doesn’t fool anyone either, hackers often test those patterns first. And yes, symbols help, but not if the rest of your password is predictable. What matters most is length and randomness. A 14 character passphrase will always beat a short, complicated password.

If you’ve ever reused a password across multiple sites, you’re not alone, but that’s one of the biggest risks online. Once a hacker gets hold of one of your old passwords from a breached site, they’ll try it everywhere: your email, your bank, your social media. That’s why unique passwords for each account are critical. The easiest way to go about it is with a password manager. You might be thinking, “Do I really need all this just for my Netflix account?” The answer is yes, because once attackers get access to one account, they can often pivot to others. Many online services use your email address as a recovery method, and if they can get into your email, they can reset everything else. We all know having a spare key hidden under the doormat can be convenient, but risky if someone knows where to look. Don’t make that mistake with your passwords. The habits you build for small accounts help protect the important ones too.

Think your password could hold up against a hacker? Try it out here and see! The Password Strength Tester below gives you instant feedback on how strong your password really is, including an estimate of how long it would take an average password cracking program to break it. It’s a fun way to see the difference that a few simple changes can make.

Don’t worry, this tool runs completely in your browser. Nothing you type is sent or saved anywhere. For extra safety it’s recommended that you don’t use your real password, but instead test something similar (like “treeFarm08skyLine” instead of your actual password). Once you type in a password, the tester will analyze it based on length, complexity, and predictability. You’ll get an instant rating along with an estimated crack time, showing how long it might take a typical brute-force or dictionary attack to guess it. Use this tool to get a feel for how secure your passwords are and learn what makes some tougher than others. It’s a safe, simple, and surprisingly satisfying way to see some of the math behind password security.

¹ “How hackers can crack your password in an hour”, by Antonov, A, June 2024
² “The problems with forcing regular password expiry”, National Cyber Security Centre, October 2016