Check Password Strength Locally with zxcvbn

Password Entropy and Crack-Time Auditor

Most online password checkers send your password to a server — which is exactly the wrong thing to do. The Password Entropy Auditor runs zxcvbn entirely in your browser, the same library Dropbox built and uses internally. zxcvbn estimates crack time against modern attacker speeds, identifies weak patterns (dictionary words, keyboard walks, dates, repeats), and suggests improvements — all without your password leaving the page.

How to password entropy and crack-time auditor

Step 1
Type or paste a password — Enter the password to audit. It stays in your browser memory only.
Step 2
Audit — zxcvbn analyzes patterns, dictionary matches, and entropy in real time.
Step 3
Read the report — Score, crack time, and improvement suggestions are displayed.

Frequently asked questions

Is my password really not transmitted?+

Open DevTools Network tab while typing. You'll see zero outbound requests. zxcvbn runs as JavaScript in your browser.

What is a good zxcvbn score?+

Score 4 means centuries of crack time at 10 billion guesses/second. Score 3 is acceptable. Below 3, strengthen the password.

Is this NIST-compliant?+

zxcvbn pre-dates NIST SP 800-63B but aligns with its philosophy: prefer longer, harder-to-guess passphrases over arbitrary complexity rules.

Privacy first

Every JAD Security operation runs entirely in your browser. Files, passwords, and PGP private keys never leave your device — verified by zero outbound network requests during processing.

How to password entropy and crack-time auditor

Step 1
Type or paste a password — Enter the password to audit. It stays in your browser memory only.
Step 2
Audit — zxcvbn analyzes patterns, dictionary matches, and entropy in real time.
Step 3
Read the report — Score, crack time, and improvement suggestions are displayed.

Frequently asked questions

Is my password really not transmitted?+

Open DevTools Network tab while typing. You'll see zero outbound requests. zxcvbn runs as JavaScript in your browser.

What is a good zxcvbn score?+

Score 4 means centuries of crack time at 10 billion guesses/second. Score 3 is acceptable. Below 3, strengthen the password.

Is this NIST-compliant?+

zxcvbn pre-dates NIST SP 800-63B but aligns with its philosophy: prefer longer, harder-to-guess passphrases over arbitrary complexity rules.

Privacy first

Every JAD Security operation runs entirely in your browser. Files, passwords, and PGP private keys never leave your device — verified by zero outbound network requests during processing.

Password Entropy and Crack-Time Auditor

How to password entropy and crack-time auditor

Frequently asked questions

Privacy first

Related guides

Password Entropy and Crack-Time Auditor

How to password entropy and crack-time auditor

Frequently asked questions

Privacy first

Related guides