Password Policy Checker

Test your password against industry-standard policies & rules in real-time

All checks run locally Real-time analysis

Enter Your Password

Enter a password —

Policy Rules

Policy Presets

Minimum 8 characters, requires 3 of 4 character types.

Length

Unique Chars

Entropy

0 bits

Char Types

0/4

Character Types Used

Lowercase (a-z) Uppercase (A-Z) Digits (0-9) Special (!@#$...)

Estimated Crack Time

Online Attack (1k/s) —

Fast GPU (1B/s) —

Cluster (1T/s) —

Estimates assume brute-force attack. Actual times vary based on hashing algorithm and salting.

Frequently Asked Questions

What makes a password "strong"?

A strong password is long (12+ characters), uses a mix of character types (uppercase, lowercase, digits, symbols), and avoids predictable patterns like dictionary words, keyboard sequences, or personal info. Our checker evaluates all these factors in real-time.

What is password entropy?

Entropy measures randomness in bits. Higher entropy = harder to guess. A password with 60+ bits of entropy is considered strong. Entropy depends on length and character pool size. For example, a 12-character password using 70 possible symbols has ~74 bits of entropy.

How are crack times calculated?

We calculate the total possible combinations (character_pool^length) and divide by attack speeds. The estimate uses three scenarios: online attack (1,000 guesses/sec), fast GPU (1 billion/sec), and a large cluster (1 trillion/sec). Actual crack times depend on the hashing algorithm used by the service storing your password.

What is NIST 800-63B policy?

NIST SP 800-63B is a U.S. federal standard for digital identity. Key recommendations: minimum 8 characters, allow all printable ASCII characters including spaces, no mandatory composition rules (no forced special chars), and check passwords against known compromised lists. It prioritizes length over complexity.

PCI DSS password requirements

PCI DSS (Payment Card Industry Data Security Standard) requires: minimum 7 characters, must contain both letters and numbers, and passwords must be changed every 90 days. Our tool checks the structural requirements but cannot enforce rotation policies.

Is my password sent anywhere?

No. All checks run entirely in your browser using JavaScript. Your password never leaves your device, is not stored, logged, or transmitted. You can disconnect from the internet and the tool will still work perfectly. This is a core privacy principle of our tool.

Why avoid common password patterns?

Attackers use dictionary attacks and pattern-based cracking before brute-forcing. Passwords like "Password123!" or "Summer2024" are cracked instantly despite meeting technical complexity rules. Our checker flags keyboard sequences, repeated characters, and common weak passwords.

How can I create memorable strong passwords?

Try the passphrase method: combine 4-6 random words like "correct-horse-battery-staple". Add a few numbers and symbols for extra strength. Alternatively, use a password manager to generate and store unique strong passwords for each account. Our built-in generator can create secure passwords instantly.

New

Local Password Breach Checker - Online k‑Anonymity

Tell if your password has appeared in data breaches without sending the full password. Uses hash prefix locally.

Security breach checker password safe

New

Content Security Policy Evaluator - Online Hash & Nonce Check

Test if a script or style will be allowed by a given CSP. Compute hash/nonce. Strengthen your site’s defense against XSS. Local.

Evaluator CSP evaluator security XSS

New

SSL Certificate Checker - Online Verify Expiry & Chain

Enter a domain and see its SSL certificate details: issuer, validity dates, and chain. Client‑side fetch.

Network certificate checker expiry SSL

New

DNSSEC Chain Validator - Online Check RRSIG & DS

Validate a DNSSEC chain by entering DS and RRSIG records. Verify that signatures match. Educational. Local algorithm.

Network DNS DNSSEC security validator

New

Security Headers Auditor - Online Check HSTS, CSP & More

Enter a website and check which security headers (HSTS, CSP, X‑Frame‑Options) are present. Get a security grade.

Network audit CSP HSTS security headers

New

Permissions‑Policy Header Parser - Online Decode & Check

Paste the Permissions‑Policy header and get a human‑readable table of allowed/blocked browser features. Understand how your site is restricted.

Parser header parser Permissions‑Policy security

New

Default Wi‑Fi Password Calculator - Online ISP Router Keygen

Enter a router's MAC address or serial and generate the common default WPA passphrase for major ISP brands. Educational purpose only.

Network generator password router Wi‑Fi

New

Code of Conduct Generator - Online Community Covenant

Generate a Contributor Covenant or custom Code of Conduct for your project or event. Ready to paste into your repo.

Developer Tools Code of Conduct community generator open source

New

Network Information API Checker - Online Downlink Speed

Display your effective connection type (4g, 3g, etc.) and downlink speed using the Navigator API. Adapt your app accordingly.

Info API connection Network Information speed

New

Cocktail Recommender - Online What to Mix Based on Liquor

Tell the tool what base liquor and mixers you have, and it suggests classic cocktails. Simple database. Cheers!

Food cocktail drink mixer recommender

New

Hashid Encoder/Decoder - Online Short Unique IDs from Numbers

Convert integers into short, unique, YouTube‑style IDs (hashids) and decode them back. Customize salt and minimum length.

Developer Tools decode encode hashid short id

New

Blood Pressure Category Checker - Online AHA & ESC Guideline Tool

Interpret your blood pressure reading based on American Heart Association and European Society of Cardiology categories. Visual gauge with actionable health insights.

Diagnostics AHA blood pressure checker ESC hypertension

New

PWA Install Prompt Checker - Online See beforeinstallprompt Status

Check if the browser has captured the beforeinstallprompt event. Understand why your PWA is (or isn't) installable.

Developer Tools checker install prompt PWA

New

Password Pwned? Checker - Online k‑Anonymity

Check if a password appears in the Have I Been Pwned database using k‑Anonymity. Only the first 5 characters of the hash are sent.

Security breach checker password pwned

New

DNS Propagation Checker - Online Verify Record Status

Query a domain's DNS record against multiple public resolvers (Google, Cloudflare) and see how it propagates. Client‑side fetch.

Network checker DNS global propagation

New

HSTS Header Checker - Online Strict‑Transport‑Security

Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.

Network checker header HSTS security

New

API Status Checker - Online Test Endpoint & Response

Enter an API URL and quickly check its HTTP status code and response time. See response headers and body. Browser fetch.

Developer Tools API checker endpoint status

New

Font Fallback Checker - Online See Missing Glyphs

Type any character and see how it renders in different font stacks. Detect missing glyphs and fallback behavior.

Design checker fallback font typography

New

Accessible Color Contrast Grid - Online Test Combinations

Enter a palette of colors and see a grid showing whether each foreground/background pair passes AA or AAA contrast. Must for designers.

Accessibility checker contrast grid WCAG

New

Live Website Audit Checker - Online Quick SEO & Performance

Enter a URL and get a one‑page report of titles, description, headings, image alts, and broken links. All from browser.

Developer Tools audit checker performance SEO

New

Browser Extension Headers Check - Online Detect Injected Scripts

Look at HTTP headers and JavaScript objects to guess which browser extensions might be installed. For awareness.

Info browser checker extension privacy

New

npm Version Range Checker - Online SemVer & Tilde Caret

Enter a package name and version range to see all satisfying versions from the registry. Understand ^ and ~.

Developer Tools checker npm range semver

New

IBAN Structure Checker - Online Validate Format & Country

Check if an IBAN has the correct length and structure for its country. Early validation, no bank connection.

Finance checker format IBAN validator

New

Image Format MIME Checker - Online Identify True Type

Drop an image that might have wrong extension and see its real format (JPEG, PNG, WebP) based on header bytes.

Developer Tools checker format image MIME

New

Favicon Checker - Online Test Any Site's Icon

Enter a URL and see its favicon at all standard sizes. Check if it's properly defined. SEO basic check.

Developer Tools checker favicon icon SEO

New

Mersenne Prime Checker - Online 2^p‑1 Validation

Check if a number of the form 2^p‑1 is a Mersenne prime. Quick Lucas‑Lehmer test simulation for small p.

Calculator checker math Mersenne prime

New

HTTP Redirect Path Tracer - Online SEO Chain Analyzer

Trace the full redirect path of a URL. See every hop, status code, and final destination. Detect broken chains.

Developer Tools checker HTTP redirect SEO

New

Email Spam Score Checker - Online Newsletter Tester

Paste your email body and subject, and get a spam score based on common trigger words and patterns. Improve your cold outreach.

Business checker email score spam

New

Homophone Checker - Online Sound‑Alike Words Tool

Type a word to see all its homophones with definitions. Avoid embarrassing mistakes (their/there/they’re). Static dictionary.

Educational checker English homophone words

New

Solubility Rules Reference - Online Quick Chemistry Table

Classic solubility rules for ionic compounds in water. Determine if a salt is soluble or forms a precipitate. Static guide.

Educational chemistry precipitates rules solubility