Password Strength

This page doesn't store or transmit any password you test out. If you need help check out "How to Create a Strong Password."


Online Attacks

100 guesses / hour:

An online attack means that a cyber-criminal does not yet have access to the password hashes. These attacks are considerably slower because the server they are trying to break into typically limits the number of incorrect guesses in a given amount of time (usually locking out the account, but sometimes blocking the offending computer altogether until customer support unblocks it). The speed of the attack can also be limited by the speed and quality of the attacker’s Internet connection and how busy the server is that they are targeting.

Offline Attacks

10 billion guesses / second:

An offline attack – in this instance – means that a cyber-criminal has downloaded the password hashes from a server and is using computers under their control to guess as many of the passwords as they can. This tactic, while more difficult to accomplish, is beneficial to attackers because, at that point, the only thing that limits the number of guesses they can perform per hour is the speed of the computers they are using.