Password strength tester

Having a strong password helps keep your accounts safe and secure.

Password strength tester

How secure is this password?

Enter a password to check its strength

How to use the tester:

  • Enter a password you want to test.
  • The result will tell you:
    • how strong the password is against hackers and password guessing programs
    • if the password was in any known data breaches.
  • If the password isn’t strong enough, follow the tips to see how you can improve it.

How does the tester work?

Have a password you’d like to test? Type it in here, and we’ll check its strength. We’ll tell you how safe it is and how long it might take a hacker to crack it.

We compare it against a list of over 500 million known passwords from data breaches around the world. This will help you know if the passwords you’re using are still safe and secure. It’ll also give you tips on how to improve it.

The strength tester will measure your password strength against:

  • Time to crack: How long it would take for a password guessing program to guess your password.
  • Password strength: How easy it would be for a person to guess your password based on complexity and length.
  • Online data breaches: Whether your password has been in a known data breach. If it has, then it could make any accounts you have vulnerable to hackers.

Is the tester safe to use?

We’re glad you’re reading this! Many people use online services and give away their personal data without thinking about where it goes or how it’ll be used.

The good news is, with this password strength checking tool we don’t:

  • store any of the data you enter
  • share any of the data you enter
  • tie any of the data you enter to any accounts you may have, on Service Vic or otherwise.

Making sure all your info is private, and you only share it with who you choose to is the core of a safe internet experience.

Remember to follow the tips we provide and always read the terms and conditions. It’s also important consider who wants your data and why.

If you want to read more about how Service Victoria handles your data, you can read our privacy and security policy.

What makes a good password?

The best types of passwords are longer and complex. But they don’t have to be random numbers and letters. They can be easy-to-remember phrases.

Make it long

Make it long

Longer passwords are stronger passwords. Consider using a passphrase. A passphrase is a type of password made up of 4 or more random words. They’re tricky for cybercriminals to crack, but easy for you to remember.

Make it unpredictable

Make it unpredictable

The best passwords aren’t predictable in any way. Avoid using patterns as they are easier for a person or password guessing programs to figure out. Keep cybercriminals guessing by avoiding passwords with personal information, predictable substitutions (e.g. $ instead of S) and common references.

Make it unique

Make it unique

Don’t use the exact same password across multiple accounts. If one service suffers a data breach, then that puts any account with the same password at risk.

Top tip

If a website or service requires a complex password including symbols, capital letters or numbers, you can include these in your passphrase. Your passphrase should still be long, unpredictable and unique for the best security.

e.g. glowering-armour-permanently-jacketS-@$73.

For more information on what makes a good password visit

Can you guess which password is stronger?

Click on the tile you think is stronger



A shorter mix of letters, special characters and numbers. Many websites recommend making a password like this.

Guess this password



A passphrase of 4 or more random words. Longer than a traditional password, but easier to remember.

Guess this password

The best password is a passphrase

Generate a strong passphrase which is easy-to-remember, but very difficult for humans or computers to guess. Some websites will need you to use a number or a special character as well.

Weak vs strong passwords

You’re thinking about passwords all wrong

Most people think a string of roughly 9 random numbers, letters and special characters makes a good password. But it’s not about the randomness of the characters. A longer passphrase is much better, even if you make it out of simple and easy-to-remember words.

Why is this?

Hackers use programs to rapidly guess thousands of passwords a minute. It doesn’t matter if they’re random characters or not. The only thing that makes it harder is making the password longer.

Take a look at the table to see examples of poor passwords.

Weak password patterns Memorable? Time to crack
A common word (e.g. december) Yes 18 seconds
An easily-typed spatial word (e.g. qwerty or aaaaaaaa) Yes Less than a second
A pet or family member’s name (e.g. rusty) Yes 53 seconds
A number, such as a date or postcode (e.g. 22121981) Yes 26 minutes
A word with trivial letter to number substitutions (e.g. V1ct0r1a) Can be confusing 2 minutes

The strongest passwords take hundreds of years to guess.

The best type of password is actually a passphrase. Use at least 4 random words that don’t relate to you at all. You can then add numbers, capital letters or special characters. Many modern websites need this. A great example is:


This way it’s memorable and secure.

Strong password patterns Memorable? Time to crack
A randomly generated password (e.g. p%9y#k&yFm?) No Centuries
Four randomly chosen words (e.g. correct-horse-battery-staple) Yes Centuries

What if I use a password manager?

Password managers can keep all your passwords safe and easy to access.

Password managers are a good option if you find it hard to track all of your passwords. Password managers encrypt all of your data. This makes it almost impossible for hackers to access.

There are many paid and free options available. Do your research and consult with an expert before picking one.

For more information on password managers visit

Disclaimer: Please note the purpose of this tool is purely educational. The aim of Service Victoria is to increase general awareness of password security. Creating a strong password does not guarantee all of your accounts will be protected in all situations. For the most up-to-date and reliable information, you should consult with a qualified data security expert.

Service Victoria accepts no liability for errors, does not guarantee protection of your accounts across the web, nor do we offer any kind of warranty or guarantee from using this tool. Service Victoria does not commit to the information included in this tool being the most up-to-date and accurate. The standards and recommendations for cyber security change rapidly, and it is your responsibility to ensure that your practices are the best they can be in all situations now and in the future.

By using the content and tools included on this page, all users acknowledge and release the creators and operators of this password strength tester from any associated risks. Service Victoria does not authorise the copy or disclosure of any information included on this page.

Acknowledgements: The data source for the leaked passwords is sourced from Troy Hunt’s Pwned Passwords API (

*To reflect the increasing capabilities of cybercriminals, Service Victoria is using an estimate of 10 guesses per second to calculate how long it takes to crack a password. Based on an online attack on a service that isn’t rate limited.

Visit for more easy-to-understand security tips which can help protect your online accounts from hackers.