Skip to main content

How to test password strength using these free tools

Keep your passwords safe and secure

How to test password strength using these free tools
(Image: © Pixabay)

Two-factor authentication, single sign-on, and other tools have made it easier than ever to improve your online security, but strong passwords should still play a key role in keeping your information safe. Password hacks are more of a threat than many people assume, and commonly used passwords are far more likely to be compromised.

In this article, we’ll cover effective free tools for testing password strength and verifying the safety of your accounts. While improving your passwords can’t completely eliminate the threat of security breaches, it will still go a long way toward making your business more secure.

Nordpass

Nordpass offers a free online password strength checker from the team responsible for NordVPN.

Along with the ability to check an existing password’s strength, Nordpass also provides the option to develop new passwords. Furthermore, users can import their old passwords and securely share login credentials with friends, family members, and coworkers. While other features are only accessible through the app, the password strength checker is available on the Nordpass website.

Nordpass

Nordpass checks the length and complexity of your password, as well as searches for it in previous breaches. (Image credit: Nordpass)

Nordpass evaluates each password by checking for a few basic elements: length (at least 12 characters), lowercase and uppercase letters, symbols, and numbers. It also estimates how long it would take to crack the password and determines whether it has been compromised in previous data breaches.

You can check the strength of your password without downloading an app or even creating an account, making Nordpass extremely convenient. It also provides all the information you need to determine whether a password is sufficiently secure.

The University of Illinois at Chicago Password Strength Test

The UIC Academic Computing and Communications Center offers a robust password strength checker that also provides various best practices for strong passwords. While its analysis is more complicated, it also gives you deeper insight into the strengths and weaknesses of a given password.

University of Illinois at Chicago

UIC checks each password using a variety of criteria, including deductions for repeating the same character or type of character. (Image credit: University of Illinois at Chicago)

Like Nordpass, UIC doesn’t ask users to sign up. The password strength test is run on your own computer, so your information is never sent online.

One of the service’s advantages is that it shows the exact effect of each aspect of your password. It also highlights factors like repeating characters that other password strength checkers may not consider. On the other hand, UIC doesn’t display an estimated “time to crack,” as it considers these calculations to be unreliable.

Kaspersky

Kaspersky is a cybersecurity business that has VPNs, antivirus software, and other products. Its password manager is also an excellent way to keep track of your passwords. The Kaspersky password strength tool is available on its website, and you don’t need to sign up or download anything to check a password.

In contrast to the UIC tool, Kaspersky uses a simple interface and only offers basic information about your password strength. A test password was flagged for being “common or a word,” while simply adding an exclamation point made it a “hack-resistant” password with no additional information other than the estimated time to crack. But Kaspersky does search for your password in past data breaches to confirm that it hasn’t already been compromised.

Kaspersky

Kaspersky doesn’t provide the same level of detail as UIC or other in-depth password strength tools. (Image credit: Kaspersky )

Along with the password strength tool, the Kaspersky website has a basic FAQ about creating passwords and checking them online. It also provides tips for online security, such as enabling two-factor authentication and monitoring login history.

Comparitech

Like Kaspersky, Comparitech focuses on security services, providing VPNs, antivirus software, cloud backups, and more. The password strength test, along with a password generator, is available to all visitors to the Comparitech website.

Similar to UIC, Comparitech has a disclaimer clarifying that any entered passwords are only processed locally. In other words, nothing that you type into the password field will ever be sent online. Interestingly, there’s another disclaimer pointing out that password strength tools are inherently limited and can never definitively analyze the security of a given password.

Comparitech

Comparitech never transmits or stores information entered into the password strength test. (Image credit: Comparitech )

Besides the estimated time to crack, Comparitech also provides basic information about the strength of your password. For example, it pointed out that our test password contained a dictionary word, wasn’t particularly long, and didn’t contain any characters other than numbers and letters.

While Comparitech doesn’t go as far as UIC in offering fine-grained insights into your password, it will still identify any glaring weaknesses. You can also use the password generator or the advice below the tool if you want to develop better passwords.

LastPass

LastPass is one of the most popular password managers, with apps available for both Android and iOS devices. The password strength tool is available for free on its website and won’t store or transmit any of your data.

LastPass

LastPass will evaluate the overall strength of your password and identify room for improvement. (Image credit: LastPass)

Once you enter a password, LastPass will provide an overall grade, along with specific tips to help you make further optimizations. It identified our test password as being too short, containing a dictionary word or known password, and not having any symbols.

Unfortunately, LastPass doesn’t check for your password in past breaches, so there’s no immediate way to tell whether it has already been identified. This is a critical step in the password strength-checking process, so don’t forget to verify this information before finalizing any new passwords.

Conclusion

We all know general best practices for passwords—longer is better, numbers and symbols are important, and dictionary words tend to be weaker—but it can be tough to recognize all the potential flaws in our own passwords. These sites will help you avoid using vulnerable passwords and keep your information safe from hackers and other malicious actors.