Free Tool
Password Strength Checker
Test how strong your password is against common attack methods. Real-time analysis with entropy scoring, crack-time estimates, and improvement suggestions.
Your password never leaves your browser. All analysis runs locally in JavaScript — nothing is sent to any server.
Enter a Password
Start typing to see real-time strength analysis
100% Client-Side
This tool runs entirely in your browser. Your password is never transmitted, stored, or logged. You can verify this by disconnecting from the internet — the tool will still work.
Password Policy Recommendations (NCSC Guidelines)
| Recommendation | Details | Why It Matters |
|---|---|---|
| Minimum Length | At least 12 characters | Length is the single biggest factor in password strength |
| No Complexity Rules | Don’t force symbols/numbers | Forced complexity leads to predictable patterns like P@ssw0rd |
| Use Passphrases | Three or more random words | Easier to remember, harder to crack than short complex passwords |
| Check Against Breaches | Block known compromised passwords | Millions of passwords are publicly available from data breaches |
| Multi-Factor Authentication | Enable MFA on all accounts | Even a strong password isn’t enough if credentials are phished |
| Password Manager | Use one for all accounts | Allows unique, long passwords without memorisation burden |
| No Forced Rotation | Only change if compromised | Regular rotation encourages weak, incremental password changes |
| Account Lockout | Throttle after failed attempts | Prevents online brute-force attacks against login pages |
Based on the UK National Cyber Security Centre (NCSC) password guidance. Contact Cloudswitched for help implementing password policies and MFA across your organisation.
More Free Tools
Try our other free security assessments and IT planning tools.