Password strength is measured by entropy — the number of bits of randomness in your password. Higher entropy means exponentially more possible combinations, making brute-force attacks impractical. A password with 80+ bits of entropy is considered very strong.

Even long passwords can be weak if they contain predictable patterns: common words, sequential characters (abc, 123), repeated characters (aaa), or passwords found in leaked databases. Attackers use dictionaries, markov chains, and rule-based transforms before falling back to brute force.

This checker evaluates length, character diversity, entropy, and common weakness patterns — all client-side. Your password is never transmitted to any server.