Calculations happen locally, and nothing is logged or sent to our servers.
Notice: This works only if your password is random. If your password is not random, use the password checker:
It assumes 10^10 guesses per second, which is realistic with modern GPUs and cracking rigs. It also assumes the attacker knows the character set of your password.
Q&A
What does “time to crack” mean? What does this tool do?
Time to crack is an estimate of how long it could take an attacker to guess your password using automated tools. It assumes repeated attempts until the correct password is found.
Type in a password to calculate how long it will take to crack in a combinational brute-force attack.
How is password crack time calculated?
It is usually calculated based on the length of the password and the size of the character set used. More possible combinations mean more time required to try them all.
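The calculation described above, as an added example (not this tool's own code): the keyspace is the character-set size raised to the password length, divided by the 10^10 guesses per second the page assumes. The per-class sizes, the sample passwords and the function names are assumptions made for this illustration, and the figure is the time to exhaust the whole keyspace.

```javascript
// Added example: brute-force estimate for a *random* password.
const GUESSES_PER_SECOND = 1e10; // rate stated on the page

// Assumed class sizes: the attacker knows which classes are in use.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // printable ASCII punctuation plus space
];

// Sum the sizes of every character class that appears in the password.
function charsetSize(password) {
  return CLASSES.reduce((n, c) => (c.re.test(password) ? n + c.size : n), 0);
}

// Exact number of candidates: charset ^ length (BigInt avoids rounding).
function keyspace(password) {
  const length = [...password].length; // count code points, not UTF-16 units
  return BigInt(charsetSize(password)) ** BigInt(length);
}

// Seconds needed to try every candidate at the given guess rate.
function secondsToCrack(password, rate = GUESSES_PER_SECOND) {
  if (password.length === 0) return 0;
  return Number(keyspace(password)) / rate;
}

// Render a duration in the largest unit that fits.
function humanize(seconds) {
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60]];
  for (const [label, size] of units) {
    if (seconds >= size) return `${(seconds / size).toPrecision(3)} ${label}`;
  }
  return seconds < 1 ? "under a second" : `${seconds.toPrecision(3)} seconds`;
}

// Constructed sample passwords: same style, growing length and variety.
for (const pw of ["kqzvbtmw", "kqzvbtmwxrpd", "kQ7!vB2#tM9w"]) {
  console.log(pw, charsetSize(pw), humanize(secondsToCrack(pw)));
}
```

Because the estimate treats every character as an independent random choice, it overstates the strength of any password built from words or patterns.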
What is a brute-force attack?
A brute-force attack tries every possible combination until it finds the correct password. It is slow for strong passwords but very effective against short or simple ones.
What is a dictionary attack?
A dictionary attack uses lists of common words, phrases, and leaked passwords to guess passwords quickly. These attacks are much faster than brute-force for predictable passwords.
Why do some passwords get cracked faster than others?
Passwords that contain common words, patterns, or predictable elements like years are much easier to guess. Truly random passwords take much longer to crack.
Does adding more characters increase crack time?
Yes, increasing the length of a password dramatically increases the number of possible combinations. Even a few extra characters can make a big difference.
How does character variety affect crack time?
Using a mix of uppercase letters, lowercase letters, numbers, and symbols increases the size of the character set. This makes brute-force attacks significantly harder.
What does “guesses per second” mean?
It refers to how many password attempts an attacker can make in one second. Modern hardware can test billions of guesses per second in offline attacks.
Is the estimated crack time always accurate?
No, it is only an approximation based on brute-force assumptions. Real attackers often use smarter techniques that can reduce the actual time needed.
Why do tools show extremely large crack times?
Strong passwords create a huge number of possible combinations, which leads to very large estimates. These numbers help show relative strength, not exact real-world timing.
What is considered a “safe” crack time?
There is no exact threshold, but passwords that would take many years or longer to crack are generally considered strong. Anything that can be cracked in minutes or hours is weak.
Can a password be cracked instantly?
Yes, if it appears in common password lists or follows a known pattern. In those cases, attackers can guess it almost immediately without brute force.
Why do repeated characters weaken a password?
Repeated or predictable characters reduce randomness and make patterns easier to detect. Attackers often prioritize these patterns in their guesses.
Does using a passphrase improve crack time?
Yes, long passphrases made of random words can be very strong. They increase length while remaining easier to remember than complex short passwords.
Should I rely only on crack time estimates?
No, crack time is just one indicator of strength. You should also avoid common patterns and use unique passwords for each account.