Password Checker: How Secure Is My Password?
With the EXPERTE.com Password Checker, you can find out how secure your password is. Once input, we also calculate the average time a computer needs to crack the password you've entered and check whether the password has been made public through a data leak or a hacker attack.
To start, simply enter your password in the field above. After this, three boxes will appear containing the following information:
Time needed to crack the password
In the first box, we show you how much time a modern computer would need to crack your password. Good passwords should require at least a few thousand years to crack.
Was your password leaked?
We check whether your password has been part of any datasets made public in the wake of leaks or hacker attacks. If your password was leaked, you should cease using it immediately.
Improve your password
In the last box, we'll provide you with some suggestions for how you can improve your password. We'll check your password for frequently used combinations, numbers, and special characters.
When creating a password, two factors are decisive, namely, its length and its uniqueness. Your password should consist of at least 8 characters, but those containing 12 or 16 characters are better. By using both upper and lower case letters, numbers, and special characters, the time it takes to crack a password by brute force increases. Our password checker examines the length of your password, as well as the usage of special characters to calculate how long a computer would need to crack it.
In addition to length, it's equally important to not use the same password for every online account. Billions of passwords have been made public as a result of data leaks and/or hacker attacks. These passwords can now be used by attackers for so-called dictionary attacks. Our password checker assesses whether your password has been compromised in the past.
We calculate how long it takes a computer to crack the password you've input by brute force. We assume that an attacker can check 40 billion combinations per second. Since, in reality, this number can vary, our estimate should only be used as an approximation.
If your password has been compromised through a data leak, you should refrain from using it when creating new accounts, and if possible, change it for any existing accounts that are secured by it. In general, it's good to use a different password for each account you create or use. To easily keep track of these, you can store such sensitive data in a password manager.
Data Protection & Privacy
Since passwords are security-critical data, we take their protection very seriously. The following measures ensure that testing your password with our tool doesn't create any additional risks.
The estimates for password security (time needed to crack the password as well as the amount of numbers and special characters) are performed directly in your browser. No passwords are sent to our server and as a result, none can be intercepted.
To check if your password has been compromised in any data leaks, we query the Have I Been Pwned database. We do not transfer passwords that you input to the server, but use a k-anonymity model to determine whether your password is contained in the database we consult. First, we form an SHA-1 hash of your password but only transmit its first five characters. The server then responds with around 500 potential matches, which we subsequently check in your browser. Additional information about this procedure can be found here.