Two-factor authentication (opens in new tab), single sign-on, and other tools have made it easier than ever to improve your online security, but strong passwords should still play a key role in keeping your information safe. Password hacks are more of a threat than many people assume, and commonly used passwords are far more likely to be compromised (opens in new tab).
In this article, we’ll cover effective free tools for testing password strength and verifying the safety of your accounts. While improving your passwords can’t completely eliminate the threat of security breaches, it will still go a long way toward making your business more secure.
Nordpass (opens in new tab) offers a free online password strength checker (opens in new tab) from the team responsible for NordVPN (opens in new tab).
Along with the ability to check an existing password’s strength, Nordpass also provides the option to develop new passwords. Furthermore, users can import their old passwords and securely share login credentials with friends, family members, and coworkers. While other features are only accessible through the app, the password strength checker is available on the Nordpass website.
Nordpass evaluates each password by checking for a few basic elements: length (at least 12 characters), lowercase and uppercase letters, symbols, and numbers. It also estimates how long it would take to crack the password and determines whether it has been compromised in previous data breaches.
You can check the strength of your password without downloading an app or even creating an account, making Nordpass extremely convenient. It also provides all the information you need to determine whether a password is sufficiently secure.
- We feature the best password generators (opens in new tab).
The University of Illinois at Chicago Password Strength Test
The UIC Academic Computing and Communications Center offers a robust password strength checker (opens in new tab) that also provides various best practices for strong passwords. While its analysis is more complicated, it also gives you deeper insight into the strengths and weaknesses of a given password.
Like Nordpass, UIC doesn’t ask users to sign up. The password strength test is run on your own computer, so your information is never sent online.
One of the service’s advantages is that it shows the exact effect of each aspect of your password. It also highlights factors like repeating characters that other password strength checkers may not consider. On the other hand, UIC doesn’t display an estimated “time to crack,” as it considers these calculations to be unreliable.
Kaspersky is a cybersecurity business that has VPNs, antivirus software (opens in new tab), and other products. Its password manager (opens in new tab) is also an excellent way to keep track of your passwords. The Kaspersky password strength tool (opens in new tab) is available on its website, and you don’t need to sign up or download anything to check a password.
In contrast to the UIC tool, Kaspersky uses a simple interface and only offers basic information about your password strength. A test password was flagged for being “common or a word,” while simply adding an exclamation point made it a “hack-resistant” password with no additional information other than the estimated time to crack. But Kaspersky does search for your password in past data breaches to confirm that it hasn’t already been compromised.
Along with the password strength tool, the Kaspersky website has a basic FAQ about creating passwords and checking them online. It also provides tips for online security, such as enabling two-factor authentication and monitoring login history.
Like Kaspersky, Comparitech focuses on security services, providing VPNs, antivirus software, cloud backups (opens in new tab), and more. The password strength test (opens in new tab), along with a password generator, is available to all visitors to the Comparitech website.
Similar to UIC, Comparitech has a disclaimer clarifying that any entered passwords are only processed locally. In other words, nothing that you type into the password field will ever be sent online. Interestingly, there’s another disclaimer pointing out that password strength tools are inherently limited and can never definitively analyze the security of a given password.
Besides the estimated time to crack, Comparitech also provides basic information about the strength of your password. For example, it pointed out that our test password contained a dictionary word, wasn’t particularly long, and didn’t contain any characters other than numbers and letters.
While Comparitech doesn’t go as far as UIC in offering fine-grained insights into your password, it will still identify any glaring weaknesses. You can also use the password generator or the advice below the tool if you want to develop better passwords.
LastPass (opens in new tab) is one of the most popular password managers, with apps available for both Android and iOS devices. The password strength tool (opens in new tab) is available for free on its website and won’t store or transmit any of your data.
Once you enter a password, LastPass will provide an overall grade, along with specific tips to help you make further optimizations. It identified our test password as being too short, containing a dictionary word or known password, and not having any symbols.
Unfortunately, LastPass doesn’t check for your password in past breaches, so there’s no immediate way to tell whether it has already been identified. This is a critical step in the password strength-checking process, so don’t forget to verify this information before finalizing any new passwords.
We all know general best practices for passwords—longer is better, numbers and symbols are important, and dictionary words tend to be weaker—but it can be tough to recognize all the potential flaws in our own passwords. These sites will help you avoid using vulnerable passwords and keep your information safe from hackers and other malicious actors.
- We've also featured the best password management software for business (opens in new tab).