Password Check - How secure is your password?

With the Password Check you can find out how secure your password is. We calculate how long a computer needs on average to crack the password. In addition, we check whether the password has been made public in the past through a data leak or a hacker attack.

Enter your password in the field above. As a result, you will receive 3 boxes containing the following information:

Time to crack the password
In the first box we show you how much time a modern computer takes to crack your password. You should choose your password so that it takes at least a few thousand years to crack your password.

Password leaked
We check whether your password was in the past contained in a dataset that came to the public through a data leak or a hacker attack. In this case, you should no longer use the password.

Improve password
At the end we will show you suggestions how you can improve your password. We will check your password for frequently used combinations, numbers and special characters.

Frequently Asked Questions

What makes a secure password?
Two decisive factors when choosing a password are the length of the password and its uniqueness. Your password should consist of at least 8 characters, but better 12 to 16 characters. If you use upper and lower case letters, numbers and special characters, the time it takes to crack a password using a brute force attack is higher. In our password check we check the length and the special characters used and calculate how long it will take a computer to crack the password.

Apart from the length, it is crucial that you do not use the same password for every online account. In the past, millions of passwords have become public as a result of data leaks and hacker attacks. These passwords can now be used by attackers for dictionary attacks. Our password check therefore checks whether your password has been affected by a data leak in the past.

How accurate is the time?
We calculate how long it takes a computer to crack the password with a brute force attack. We assume that an attacker can check 40 billion combinations per second. Since this number can vary in reality, the time should only be used as an approximation of password security.

What does it mean if my password has been leaked?
If your password has been affected by a data leak in the past, you should not use it again. It is best to use an individual password for each online service. You can use a password manager to manage your passwords.

Data Protection & Privacy

Since passwords are security-critical data, we take data protection very seriously. The following measures ensure that the verification of your password does not represent an additional risk.

Local calculation
We perform the calculations for password security (duration to crack the password, numbers, special characters) directly on your browser. The password is not sent to our server and cannot be intercepted.

k-anonymity Model
To check if your password is affected by a data leak, we query the Have I Been Pwned database. We do not transfer your password to the server, but use a k-anonymity model to determine whether your password is contained in the database. To do this, we form the SHA-1 hash of your password, but only transmit the first 5 characters of this hash. The server then responds with about 500 possible matches, which we then check in your browser. Further information about this procedure can be found here.