Password Strength Meter

Password Strength Meter is a forever free product from PasswordPing

By adding simple JavaScript to your existing signup and change password forms, you can automatically notify users if they are trying to select a password that is either Weak (using patterns commonly checked by hackers) or Compromised (already exposed in a previous data breach).

Place your cursor into the password field below to display the PasswordPing frame and see it in action!

Password Strength Meter works by:

1) Checking if a hash of the password exists in our massive compromised credential database

2) Checking if the password is similar to those programmatically generated by cybercriminal hacking dictionaries

NOTE: This is for testing only. Form data is not submitted or saved.

Frequently Asked Questions

The Password Strength Meter prevents your users from selecting passwords that are weak or known to be compromised.

We check against our massive compromised credential database and also using algorithms similar to those found in cybercriminal dictionaries: common words and names, dates, l33t speak, repetition, sequences, keyboard patterns and more.

No license key is required. We allow up to 100,000 password checks for free from any domain.
This tool is powered by the enterprise class security of PasswordPing. The Password Strength Meter sends hashes of only the password via SSL. Data sent to our service is only kept in memory and then is zeroed out at the end of the call.
Our free version is limited to 100,000 API requests per month. The control will still function after this, it will simply no longer lookup the hacked status of the password and will only show basic password strength information.
In the unlikely event that our API is unavailable, the strength meter degrades gracefully. It simply provides the basic password strength information, losing only the ability to classify passwords as compromised or not.

The PasswordPing JS and CSS files which your site loads are hosted in a high availability CDN, which should always remain available even in the event of a complete failure of the PasswordPing infrastructure.

Nope. It’s super easy and can be added to your signup or login form in just a few minutes.

Use our getting started guide or read our full documentation.

Please visit our general FAQ or Contact Us with questions.