No. Zero data leaves your browser. The entire algorithm runs locally via JavaScript. Your input is never logged, stored, or transmitted over the internet.

It estimates how long it would take a hacker using dedicated, high-speed hardware (capable of guessing billions of times per second) to force-guess your password.

If you used a dictionary word (like "Monkey123"), the algorithm detects it instantly. Hackers don't guess randomly; they use automated dictionaries of common words.

Developed by Dropbox, zxcvbn is an open-source password strength estimator. It recognizes patterns like dates, names, common substitutions (e.g., '@' for 'a'), and keyboard walks.

Not always! A very long passphrase consisting of four random words (e.g., "horse-battery-staple-correct") is often vastly stronger than a short password packed with symbols.

Hackers use open-source lists of the most common first and last names in the world. If your password relies on a name, it will be cracked in milliseconds.

No. These are called predictable substitutions (l33t speak). Cracking software is specifically programmed to automatically test these substitutions immediately.

Entropy is a measure of unpredictability. A higher entropy means there are more possible combinations, exponentially increasing the time it takes to crack it.

If you are creating a master password for a password manager or your primary email, aim for a cracking time of "Centuries" or higher for total peace of mind.

Absolutely. You should only have to remember one incredibly strong master passphrase. Use a password manager to generate and store random strings for every other website.