Find out how long a password would really survive against an attacker, and learn the simple trick that makes passwords both stronger and easier to remember.

What it is

A live strength tester that estimates how long it would take a computer to crack a given password by brute force. It runs entirely on your own device. Nothing you type is sent, stored, or logged anywhere. It also teaches the single most useful password habit: the passphrase.

How to use it effectively

1. Test the style of password you tend to use. Not necessarily your real one, but something in the same shape, so you learn how strong your habits actually are.
2. Read the crack-time estimate. "Instantly" or "a few hours" means it is dangerously weak. "Centuries" is what you want.
3. Try a passphrase instead. Type three or four random words joined together, like "otter-stapler-velvet-canyon". Watch the strength jump while staying easy to remember.
4. Apply it where it counts. Use unique passphrases for your email and banking above all, and turn on two-factor authentication everywhere it is offered.

Why it matters

Weak and reused passwords are behind a huge share of business breaches. If one site you use is breached and you reused that password, attackers will try it everywhere else, automatically. Strong, unique passphrases plus two-factor authentication close off one of the most common ways businesses get compromised.