In 2023, using secure passwords is one of the most fundamentally important steps you can take to make sure you stay safe online, avoid data breaches, and ensure your privacy is protected. So, a lot of people turn to tools that test password strength – they're incredibly easy to use and there are plenty of great free options.
Of course, it’s crucial that you’re using a legitimate password strength testing tool, rather than a shady website designed to coax you into handing over your password.
In this guide, we’ll take you through some of the best free password strength testing tools you can trust, as well as how to create a strong password that will be difficult for any hacker to crack.
Why a Strong Password Is Important
Unfortunately, in the modern world, personal data gets hacked at an alarming rate. All businesses, companies, and organizations are at risk. Individual account holders are also prime targets for cyber criminals looking to steal sensitive personal information which, if obtained, can be used to wreak all sorts of havoc.
What’s more, although the average person has more than 100 passwords, a lot of threat actors now have access to tools that can roll through thousands of commonly used passwords in seconds and test them in combination with usernames to crack accounts. Plus, it's already been demonstrated that AI tools can be used to aid hackers in their password-cracking endeavors.
With this kind of technology in reach of cybercriminals lurking in the darkest corners of the internet, maintaining strong and unique passwords on your accounts could be the difference between information about you that is exposed being useless and that same information being useful. It's why we always recommend using one of the best password managers, as they make following password security best practice a walk in the park.
The more unique characters, symbols, and letters you use when you’re creating an account, the longer it’ll take a hacker to crack your password. A few extra characters can change that time from a few seconds to hundreds of years.
The Best Free Ways to Test Your Password Strength
Below, we've listed some free password strength testing tools you can trust. Skip to the section after this one if you want to know about the ones you should avoid.
NordPass
Password manager provider NordPass – which is part of security firm NordVPN – has a password strength testing tool available online that you can use for free. It’ll tell you exactly where you’re going wrong if your password is too weak, and how long it would take a threat actor to crack it.
NordPass will also perform a quick scan of haveibeenpwned.com‘s bank of data breach information to check if the password you've entered has been involved in a leak.
NordPass is a reputable, legitimate security company with an excellent reputation for putting their customers’ privacy first – so if there’s somewhere to test your password, it’s here. None of the details you put into the password tester field will be stored by NordVPN.
LastPass
Like NordPass, password manager LastPass doesn’t store any passwords that you input into its password strength tester.
What’s more, it’ll tell you exactly what you need to do to make sure your password is strong. When we entered a mock password, as shown above, LastPass described it as “moderately strong”.
However, we’d recommend against using this password strength tester in a public place – there seems to be no way to actually hide the characters of your password. But then again, the safest place to test your password is always your home, rather than in public.
Read our full LastPass review
Security.org
Security.org provides by far the most information on this list regarding how to quickly improve your password. The password strength testing tool is at the top of a more extensive article about password safety, which is good for people who haven't delved into the world of password security before.
When you type in your password, Security.org will even let you know whether it's one of the most used out there, like this:
It also provides an analysis of your character variety and warns you about using real words, are it's typically easier to crack passwords that contain them. Overall, this is a very comprehensive tool and avid learners will appreciate the additional information provided.
University of Chicago
The University of Chicago’s password strength tester will break down everything about your password and show you where you’re going right and wrong.
After you input your password, you’ll be graded depending on how well it performs against a set of criteria, which are listed in full on the site.
This page gave us a much more detailed breakdown than was provided by the other password strength testing tools we tried. It even detailed whether we repeated letters or had consecutive strings of categories of character (e.g. symbols).
Dashlane
Dashlane's password testing tool will tell you how strong or weak your password is, but that’s about it – unlike NordPass and LastPass, there’s no additional information provided that could help make our password stronger.
However, Dashlane does provide a button that, if clicked, will generate an undebatably strong password in no time at all.
But like LastPass, unfortunately, you can't keep your password hidden as you type it in – so this is another password tester not to use in public.
Bitwarden
Bitwarden’s password strength test tool will tell you how strong your password is without delay. It’s a bit more granular than Dashlanes, cycling through a variety of categories such as “weak”, “average”, “strong”, and “very strong”.
Bitwarden also estimates precisely how long it would take a hacker to break into an account protected with this password, which tops out at “centuries”.
However, there’s no direct statement confirming that the passwords you input won’t be stored – but Bitwarden is a very reputable and widely-known cybersecurity company, so it would be extremely surprising if they were doing this.
Password Strength Test Tools to Avoid
Although it’s good practice to find out just how secure your password actually is, you need to be really, really careful about the websites you’re typing this information into.
A password tester isn’t the most difficult thing in the world to code, which means that anyone could build one and attempt to rank among the top pages in the Google search results. When testing your password, ensure you avoid websites that:
- Don’t state that they won’t be storing your data
- Look old, poorly maintained and/or don’t load properly
- Are full of adverts and pop-ups
- Have little other content across the rest of their site
- Ask you to download files
Really, you should be sticking to reputable security firms like Nord and companies that make password managers like LastPass or DashLane. It’s just not worth typing in highly sensitive information anywhere else, especially with so many legitimate options out there.
How to Create a Strong Password
Every strong password satisfies four conditions which make it secure. In a nutshell, all passwords should be:
- Long A secure password will be at least 8-12 characters long – the most secure passwords can be upwards of 15 characters long
- Unique: The more times you re-use a password, the less secure it is – and the more damage a hacker could do if they obtained it
- Varied: the most secure passwords usually have special characters, numbers, and symbols contained in them – as well as spaces
- Random: avoid using aspects of personal information that someone could reasonably find out about you (such as you pet’s name). Made-up or mashed-together words are also highly recommended.
Another good technique to apply during your password-making is treating every password as a “passphrase” rather than a pass-“word”.
There’s some evidence that choosing a passphrase (e.g. “I Love Going to LA for My Vacation – It’s Freaking Brilliant!) is easier to remember than a string of random words or letters and therefore allows you to build stronger passwords. However, randomness/ensuring it's not connected to personal details about your life is still important!
Additional Security Measures You Should Take
Ensuring you have a sufficiently strong password to repel incoming attacks on your accounts isn’t the only thing you need to do to ensure you’re as protected as you can be.
You should of course be implementing two-factor authentication wherever you can. This puts another obstacle in front of any potential attackers and ensures that, even if they manage to obtain your password or user credentials, they still won’t be able to break into your accounts.
We recommend using an authentication app (e.g. Google Authenticator) as some attack techniques (like SIM-Swapping) can circumvent this security measure if configured if a mobile phone is configured to receive the authentication codes. It's not a commonly used tactic, but it's better to be safe than sorry.
Of course, the best way to store your secure passwords is with a password manager, a type of software that helps users maintain unique, highly complex passwords for their accounts without you having to remember them. Here's some of the top ones we've tried:
Local Storage Option | Two-Factor Authentication | Failsafe Function | Password Generator Function A password manager can create secure, complex passwords for you. You won't need to remember them yourself. | Help Instructions | Email Support | Live Chat Support | Phone Support | Price | Business Plan? | Business Price Cheapest available business plan | Click to Try | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
TOP PICK | |||||||||||||
NordPass | 1Password | LastPass | Dashlane | Sticky Password | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| $2.99/month | $3/month | $4.99/month | $3.33/month | |||||||||
| | | | | |||||||||
$19.95/10 users | $3/user/month | $60/user | $29.99/user | ||||||||||
Try NordPass | Try 1Password | Try LastPass | Try Dashlane | Sticky Password |