I came across this site today and it’s quite an interesting one as it works out the approximate time it would take a desktop pc to crack the password.

It’s a good reality check for how weak most common passwords really are. Anything under 8 characters gets cracked almost instantly, and dictionary words are barely better. The site gives you a rough estimate based on brute-force attack speeds, which is useful for convincing non-technical people to pick stronger passwords.

Of course, real-world password security depends on more than just length — salted hashes, rate limiting, and multi-factor auth all play a role. But as a quick visual demo of why “password123” is a terrible idea, this tool does the job.

Check it out here.