What does zxcvbn measure that basic length-and-classes checkers miss?

zxcvbn (Wheeler, USENIX Security 2016) estimates real-world cracking time by modelling actual attacker dictionaries: the top 30,000 common passwords, English and proper-noun word lists, keyboard adjacency patterns (qwerty, asdf, 1qaz2wsx), date sequences (1990, 12/31/99), repeated/sequenced characters (aaaa, 1234), and common leet-speak substitutions (P@ssw0rd → password). The output is `guesses_log10` — order-of-magnitude guesses an attacker needs — paired with cracking time estimates at different attack speeds (online throttled, online unthrottled, offline slow hash, offline fast hash). A length-only checker gives `Password1!` a passing score because it has 11 chars + all classes. zxcvbn detects it as 'common password + leet substitution + appended digit + appended symbol' and assigns a score of 1/4 — within seconds of cracking. The model is intentionally adversary-aligned, not theory-aligned.

Should I check passwords against breach lists, and how does k-anonymity protect me?

Yes — NIST 800-63B explicitly recommends screening candidate passwords against known breaches (§5.1.1.2). Have I Been Pwned's Pwned Passwords API uses k-anonymity to do this without revealing your password to the server. The client computes the SHA-1 hash of the password, sends only the first 5 hex characters of that hash to the API, and receives back a list of all known-breached hash suffixes that share that 5-character prefix (~478 results on average, ~800–1000 when the client sets Add-Padding, out of 1,048,576 possible 5-char prefixes spanning the 16⁵ space). The client then searches the response locally for the full hash. The server learns nothing about which specific password was checked — only that someone queried a particular range of the hash space. The same model is used by Cloudflare and 1Password for breach checks. Privacy is preserved by mathematical guarantee, not policy.

What is Diceware and why is it stronger than a complex short password?

Diceware generates passphrases by rolling dice to select random words from a fixed list. The EFF's long list (2016) contains 7,776 words = 6⁵, allowing 5 dice rolls per word. Each word adds 12.9 bits of entropy (log₂(7776) ≈ 12.92), so a 5-word passphrase carries ~64.6 bits, a 6-word passphrase ~77 bits, a 7-word ~90 bits. EFF recommends 6 words for most threat models. Compare to 'P@ssw0rd!' (10 chars, 4 classes) — this is one of the top-100 leetspeak passwords, cracking time well under 1 second on a modern GPU. A 6-word passphrase 'correct horse battery staple ginger jacket' (xkcd 936 reference + 2 added words) at 77 bits resists offline brute force for centuries on current hardware. Memorability is higher because words have semantic anchors.

Password Strength Checker & Tester

Q: What did NIST change about password rules in 2017?

NIST SP 800-63B (Grassi et al., Rev 3, June 2017; finalised as 800-63-4 in July 2025) reversed long-standing 'best practice' assumptions. Forced periodic password rotation was eliminated — research showed users responded to 90-day rotation by making predictable transformations (Password1 → Password2) that lowered actual entropy. Mandatory character composition rules (must contain uppercase + digit + symbol) were removed for the same reason: they pushed users toward predictable patterns like P@ssw0rd!. Minimum length increased to 8 characters with allowance for 64+ for memorised secrets, and the full ASCII printable set plus Unicode is permitted. The replacement guidance: screen candidate passwords against breach lists, allow passphrases without artificial complexity, eliminate rotation triggers except after credential exposure. NIST SP 800-63-4 (July 2025 final) extends with explicit phishing-resistant MFA requirements at AAL2 and refined breach-screening guidance.

Q: Are password managers a substitute for strong passwords?

Password managers shift the problem: you no longer need to remember many passwords, only one strong master and a recovery code. The manager generates and stores unique 16+ character random passwords per site, eliminating reuse risk — the primary vector for credential-stuffing compromise across industry breach reports. The master password should be a 6+ word Diceware passphrase or 80+ bit equivalent. Recovery codes must be backed up offline (paper, hardware token). Without a manager, even a careful user typically reuses 5-10 passwords across 100+ accounts, creating a single-point-of-compromise. Password managers are not redundant with NIST guidance — they enable it: one strong remembered secret, plus per-site randomness checked against breach lists at update time.

Your password never leaves your browser. All analysis is done locally.

Enter Password

Password Strength Meter — NIST Guidelines, zxcvbn & Breach Screening

Password strength is measured in bits of entropy — the logarithm of the number of guesses an attacker would need on average. NIST Special Publication 800-63B (Grassi et al., Rev 3, June 2017; finalised as 800-63-4 in July 2025) sets the modern guidance: minimum 8 characters with 64+ recommended for memorised secrets, full ASCII printable + Unicode allowed, no forced periodic rotation, no mandatory character composition rules. The replacement is screening against breach lists — Have I Been Pwned's Pwned Passwords API uses k-anonymity (5-character SHA-1 prefix) to query 1,048,576 hash buckets without revealing your password. zxcvbn (Wheeler, USENIX Security 2016) goes further than length-and-classes checks: it models actual attacker dictionaries (30k common passwords, keyboard patterns, dates, leet substitutions) and reports cracking time at different attack speeds. For new passwords, EFF's Diceware long list (7,776 words = 6⁵, each word ≈12.9 bits) lets a 6-word passphrase carry ~77 bits of entropy — resistant to offline brute force for centuries on current hardware. All analysis here runs in your browser; nothing is sent to a server.

How to check password strength

Type or paste a password into the field. All analysis runs locally in your browser.
The tool estimates entropy via zxcvbn-style modelling and flags common patterns (top-30k passwords, keyboard sequences, dates, leet substitutions).
Review the feedback (entropy bits + cracking time at different attack speeds) and adjust the password until strength meets your policy (NIST recommends 64+ bits for memorised secrets).
For maximum strength, generate a 6-word Diceware passphrase from the EFF long list (~77 bits) and store unique per-site passwords in a manager — never reuse.

Common use cases

Evaluating a candidate password before committing it to your password manager.
Teaching team members why predictable patterns (dictionary words, birthdays, P@ssw0rd!) crack fast despite passing length-and-classes checks.
Setting a baseline entropy target (e.g., 80 bits) for a corporate password policy aligned with NIST SP 800-63B / 800-63-4 guidance.
Testing whether a password meets a specific service's complexity rules before signup — and verifying the rules don't push you to a predictable pattern.

Frequently asked questions

What did NIST change about password rules in 2017?

NIST SP 800-63B (2017, finalised Rev 4 July 2025) eliminated forced periodic rotation and mandatory character composition rules — both pushed users to predictable patterns. Replaced by: screen against breach lists, allow passphrases, longer minimum (8+ chars, 64+ recommended), full ASCII + Unicode.

What does zxcvbn measure that basic checkers miss?

zxcvbn (Wheeler USENIX 2016) models actual attacker dictionaries: 30k common passwords, words, keyboard patterns (qwerty), dates, leet substitutions. Output `guesses_log10` and cracking time. Detects 'P@ssw0rd!' as 'common password + leet + appended symbol' — score 1/4 vs naive checker's pass.

Should I check passwords against breach lists?

Yes — NIST 800-63B §5.1.1.2 recommends it. HaveIBeenPwned's Pwned Passwords API uses k-anonymity: client sends only first 5 chars of SHA-1 hash, server returns ~478 matching hash suffixes on average (~800–1000 when the client sets the Add-Padding header), out of 1,048,576 possible 5-char prefixes. Server never learns the full password.

What is Diceware and why is it stronger than complex short passwords?

Roll dice to pick random words from a fixed list. EFF long list (2016) has 7,776 words = 6⁵. Each word = 12.9 bits entropy. 6-word passphrase = ~77 bits (EFF recommended). Resists offline brute force for centuries — vs 'P@ssw0rd!' cracked in <1 second on a modern GPU.

Are password managers a substitute for strong passwords?

They operationalise strong-password practice. One strong Diceware master + per-site random 16+ char passwords eliminates reuse — the primary vector for credential-stuffing attacks. Master ≥77 bits Diceware; recovery code backed up offline.

Why entropy beats character classes — and why NIST reversed forced rotation

The classic 'must contain uppercase, lowercase, digit, and symbol' policy is theoretically sound — adding character classes expands the search space — but in practice users respond to those rules predictably: capitalising the first letter, appending a digit or '!', applying leet substitutions (P@ssw0rd!). zxcvbn detects these patterns and scores them as common, not strong. Length matters more than complexity once two character classes are in play: a 20-character passphrase in lowercase letters covers more entropy than a 10-character password with all four classes. NIST's 2017 reversal codified this: forced rotation produced incremental transformations (Password1 → Password2) that lowered effective entropy, and mandatory composition rules pushed everyone to the same predictable patterns. The breach-screening replacement is empirical: rather than enforcing theoretical rules, check whether the candidate has appeared in a known breach. Have I Been Pwned aggregates over 800 million unique compromised credentials; k-anonymity makes the check privacy-preserving by sending only the first 5 characters of the SHA-1 hash. Diceware passphrases sidestep all of this: 6 random words from the EFF list give ~77 bits of entropy, memorable through narrative association, immune to leet-substitution patterns. Password managers operationalise the strategy: one strong Diceware master, unique 16+ character random passwords per site, breach-checked at update time.

Entropy calculation in bits (zxcvbn-aligned model)
Crack time at different attack speeds (online throttled / offline fast hash)
Common password detection + leet-substitution + keyboard-pattern recognition
NIST SP 800-63B compliance check (8+ char minimum, no composition rules)
Strong passphrase generator (Diceware-style 6-word, ~77 bits entropy)
Privacy-first: nothing leaves your browser (k-anonymity model for any breach checks)

Free. No signup. Browser tools (subnet, JWT, password strength) run locally; lookup tools query public APIs (Cloudflare DoH, RDAP, certificate logs). Full per-tool breakdown at /methodology/.

Sources (5)

Grassi, P. A., et al. (2017). Digital Identity Guidelines: Authentication and Lifecycle Management. NIST Special Publication 800-63B Rev 3 (final, June 2017; updates through March 2020).
National Institute of Standards and Technology (NIST) (2025). Digital Identity Guidelines (Revision 4). NIST SP 800-63-4 (final published July 2025; supersedes 800-63-3 / 800-63B-3 series).
Wheeler, D. L. (2016). zxcvbn: Low-budget password strength estimation. USENIX Security Symposium 2016, 157–173.
Hunt, T. (live). Have I Been Pwned — Pwned Passwords API (k-anonymity model). haveibeenpwned.com/api/v3 (5-character SHA-1 prefix, 16^5 = 1,048,576 hash range buckets).
Electronic Frontier Foundation (EFF) (2016). EFF's New Wordlists for Random Passphrases (long list). eff.org/dice — 7,776 words = 6^5, ~12.9 bits/word, 6-word recommended for ~77 bits entropy.

These are the IETF RFCs, NIST publications, and W3C standards the tool implements or queries. Locate them on the IETF Datatracker (datatracker.ietf.org) or the official standards body.