Skip to content
BEAD

Password Strength Checker

Estimate the strength of a password — entropy, crack time, and what's making it weak.

🔒 Your password is analyzed entirely in your browser. Nothing is sent over the network.

</>Use this tool programmaticallycurl · JavaScript · MCP

Same tool, callable from any HTTP client or from Claude (via MCP). Anonymous: 100 req/day per IP. Sign up for 1,000 req/day.

curl
curl https://api.b-e-a-d.com/tools/password-strength/run \
  -H "Content-Type: application/json" \
  -d '{
  "password": "Hunter2!aB",
  "guessesPerSecond": 100000000000
}'
JavaScript (fetch)
const res = await fetch("https://api.b-e-a-d.com/tools/password-strength/run", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
  "password": "Hunter2!aB",
  "guessesPerSecond": 100000000000
}),
});
const data = await res.json();
console.log(data.result);
MCP (Claude Desktop / Claude Code)
# In Claude Desktop / Claude Code, add to your MCP config:
{
  "mcpServers": {
    "bead": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.b-e-a-d.com"]
    }
  }
}

# Then ask Claude to call:
mcp__bead__bead_password_strength

Full reference: developer docs · OpenAPI spec

How the estimate works

Strength is reported as Shannon entropy in bits — the size of the character pool times the password length. The crack-time figure assumes an offline attacker running ~10¹¹ guesses per second against a modern hash (a high-end consumer GPU rig). Real-world speed depends on the algorithm; for bcrypt or Argon2 with sane parameters, real attacks are billions of times slower.

This page does not send your password to any server. It checks against a small built-in list of the most common passwords; for a full breach check use a tool that consults the HIBP k-anonymity API.

You might also like