Are my files uploaded to a server?

No. Every tool on SnapToolz runs entirely inside your browser using JavaScript and WebAssembly. Your file is read locally, processed in memory, and the result is offered as a download. Nothing is sent to a server — there isn't one to send to.

How is entropy calculated?

Length × log2(alphabet size). The alphabet size is determined by which character classes (lowercase, uppercase, digits, symbols) are present. Entropy gives an upper bound — a long password drawn from one class is much weaker than the bits suggest.

What does 'effective bits' mean?

Raw entropy minus penalties for detected patterns. Repeated characters, sequences (1234, abcd, qwer), dictionary words, dates and years all reduce effective entropy because attackers can encode them. The crack-time estimate uses effective bits, not raw.

Are the time-to-crack rates realistic?

The rates span from 100 guesses/sec (online with rate limiting) to 100 billion/sec (multi-GPU offline cluster on a fast hash like MD5). Real-world depends heavily on whether the password is hashed with bcrypt/argon2 (slow) or MD5/SHA1 (fast). Use the slowest rate that matches your threat model.

Why isn't there a hard pass/fail?

Strength is a continuum, not a yes/no. A password good enough for a forum sign-up is too weak for a banking master password. The detailed breakdown lets you make a contextual call instead of relying on a generic rating.

Does it work offline?

Yes. SnapToolz is a Progressive Web App. After your first visit, the app is cached on your device and every tool keeps working without an internet connection.

Yes — every tool is 100% free with no sign-up, no watermark, no hidden tier. The whole platform is open source and we have no plan to gate features.

SnapToolz — Private, in-browser file tools

About Password Strength Visualizer

Most password strength meters return a single number and a colour. The Password Strength Visualizer breaks down what that number actually means: how many bits of entropy your password contains, which character classes contribute, what known weaknesses (sequences, repeats, dictionary words, dates) reduce the effective strength, and how long an attacker would take to crack it at five different attack rates — from a rate-limited online login to a multi-GPU offline cluster. Everything runs locally, your password never leaves the page, and the report is verbose enough to actually use as a password-policy reference.

No uploads
Browser-only
Works offline
100% free

How it works

1
Type the password
Type or paste any password into the input. The analysis updates as you type, in your browser only.
2
Read the breakdown
See the entropy bits, character class counts, detected patterns, and time-to-crack at five attack rates from online-throttled to offline-extreme.
3
Iterate
Tweak the password and watch the bits climb. The 'Effective bits' figure penalises detected patterns; that's the number that actually matters.

Related tools

Browse all

Password GeneratorNew

Cryptographically-strong passwords + strength checker.

Random TokenNew

Generate UUIDs, API keys, and random strings.

AES EncryptionNew

Encrypt and decrypt text with AES-256-GCM. Passphrase only.

Hash Generator

Generate SHA-256, SHA-512, SHA-1, and SHA-384 hashes.

Frequently asked questions

Are my files uploaded to a server?
No. Every tool on SnapToolz runs entirely inside your browser using JavaScript and WebAssembly. Your file is read locally, processed in memory, and the result is offered as a download. Nothing is sent to a server — there isn't one to send to.
How is entropy calculated?
Length × log2(alphabet size). The alphabet size is determined by which character classes (lowercase, uppercase, digits, symbols) are present. Entropy gives an upper bound — a long password drawn from one class is much weaker than the bits suggest.
What does 'effective bits' mean?
Raw entropy minus penalties for detected patterns. Repeated characters, sequences (1234, abcd, qwer), dictionary words, dates and years all reduce effective entropy because attackers can encode them. The crack-time estimate uses effective bits, not raw.
Are the time-to-crack rates realistic?
The rates span from 100 guesses/sec (online with rate limiting) to 100 billion/sec (multi-GPU offline cluster on a fast hash like MD5). Real-world depends heavily on whether the password is hashed with bcrypt/argon2 (slow) or MD5/SHA1 (fast). Use the slowest rate that matches your threat model.
Why isn't there a hard pass/fail?
Strength is a continuum, not a yes/no. A password good enough for a forum sign-up is too weak for a banking master password. The detailed breakdown lets you make a contextual call instead of relying on a generic rating.
Does it work offline?
Yes. SnapToolz is a Progressive Web App. After your first visit, the app is cached on your device and every tool keeps working without an internet connection.
Is SnapToolz free?
Yes — every tool is 100% free with no sign-up, no watermark, no hidden tier. The whole platform is open source and we have no plan to gate features.

See all Security

About Password Strength Visualizer

No uploads
Browser-only
Works offline
100% free

How it works

1
Type the password
Type or paste any password into the input. The analysis updates as you type, in your browser only.
2
Read the breakdown
See the entropy bits, character class counts, detected patterns, and time-to-crack at five attack rates from online-throttled to offline-extreme.
3
Iterate
Tweak the password and watch the bits climb. The 'Effective bits' figure penalises detected patterns; that's the number that actually matters.

Related tools

Browse all

Password GeneratorNew

Cryptographically-strong passwords + strength checker.

Random TokenNew

Generate UUIDs, API keys, and random strings.

AES EncryptionNew

Encrypt and decrypt text with AES-256-GCM. Passphrase only.

Hash Generator

Generate SHA-256, SHA-512, SHA-1, and SHA-384 hashes.

Frequently asked questions

Are my files uploaded to a server?
No. Every tool on SnapToolz runs entirely inside your browser using JavaScript and WebAssembly. Your file is read locally, processed in memory, and the result is offered as a download. Nothing is sent to a server — there isn't one to send to.
How is entropy calculated?
Length × log2(alphabet size). The alphabet size is determined by which character classes (lowercase, uppercase, digits, symbols) are present. Entropy gives an upper bound — a long password drawn from one class is much weaker than the bits suggest.
What does 'effective bits' mean?
Raw entropy minus penalties for detected patterns. Repeated characters, sequences (1234, abcd, qwer), dictionary words, dates and years all reduce effective entropy because attackers can encode them. The crack-time estimate uses effective bits, not raw.
Are the time-to-crack rates realistic?
The rates span from 100 guesses/sec (online with rate limiting) to 100 billion/sec (multi-GPU offline cluster on a fast hash like MD5). Real-world depends heavily on whether the password is hashed with bcrypt/argon2 (slow) or MD5/SHA1 (fast). Use the slowest rate that matches your threat model.
Why isn't there a hard pass/fail?
Strength is a continuum, not a yes/no. A password good enough for a forum sign-up is too weak for a banking master password. The detailed breakdown lets you make a contextual call instead of relying on a generic rating.
Does it work offline?
Yes. SnapToolz is a Progressive Web App. After your first visit, the app is cached on your device and every tool keeps working without an internet connection.
Is SnapToolz free?
Yes — every tool is 100% free with no sign-up, no watermark, no hidden tier. The whole platform is open source and we have no plan to gate features.

See all Security

Password Strength Visualizer

About Password Strength Visualizer

How it works

Type the password

Read the breakdown

Iterate

Related tools

Frequently asked questions

Password Strength Visualizer

About Password Strength Visualizer

How it works

Type the password

Read the breakdown

Iterate

Related tools

Frequently asked questions