Password Meter is a real-time password strength checker and generator page. Its core features include password scoring, random password generation, readable passphrase generation, and an optional breached-password check. The page emphasizes that all scoring and analysis run locally in the browser via JavaScript, and that plaintext passwords are not sent to the server.
The tool provides lightweight protection around password security in three main ways. First, it evaluates strength based on entropy, length, and character set. Second, it detects patterns commonly used by attackers, such as qwerty/asdfgh keyboard paths, abc/123 sequences, repeated characters, dates, leet substitutions, and common passwords. Third, it checks whether a password appears in breached-password databases via HaveIBeenPwned’s k-anonymity range API. During lookup, the SHA-1 hash is calculated locally; only the 5-character hexadecimal prefix of the hash is sent, and the remaining suffix is matched client-side against the returned range. This privacy design is better than uploading plaintext passwords or complete hashes.
Deployment is browser-based and runs locally on the web page. The generator uses window.crypto.getRandomValues(), rejection sampling, and Fisher-Yates shuffling, and the page explicitly states that Math.random() is not used. Integration is mainly limited to the HaveIBeenPwned API; there is no visible information about enterprise APIs, SSO, SIEM, browser extensions, or directory service integrations. In terms of management and alerting, it can provide real-time scoring and explanations of weaknesses, but it does not offer centralized policies, auditing, reporting, or alert mechanisms.
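The generator technique named above (CSPRNG bytes, rejection sampling, Fisher-Yates) can be sketched as follows. This is an added example, not passwordmeter.com's code: the function names, character sets, and the injectable `nextByte` source (used so the logic can be checked with fixed bytes) are all assumptions.

```javascript
// Added example: helper names and character sets are assumptions, not the page's code.
// Web Crypto is a global in browsers and current Node; older Node exposes it via node:crypto.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Default byte source: one CSPRNG byte per call (never Math.random()).
const cryptoByte = () => webCrypto.getRandomValues(new Uint8Array(1))[0];

// Uniform integer in [0, n) for 1 <= n <= 256 using rejection sampling.
// Plain `byte % n` over-represents low values whenever 256 is not a multiple
// of n, so bytes at or above the largest multiple of n are discarded and redrawn.
function uniformIndex(n, nextByte = cryptoByte) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError("n must be 1..256");
  const limit = 256 - (256 % n);
  let b;
  do { b = nextByte(); } while (b >= limit);
  return b % n;
}

// In-place Fisher-Yates shuffle driven by the same unbiased index source.
function shuffle(items, nextByte = cryptoByte) {
  for (let i = items.length - 1; i > 0; i--) {
    const j = uniformIndex(i + 1, nextByte);
    [items[i], items[j]] = [items[j], items[i]];
  }
  return items;
}

// Constructed character sets for illustration.
const SETS = ["abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
              "0123456789", "!@#$%^&*-_=+"];

function generatePassword(length = 20, sets = SETS, nextByte = cryptoByte) {
  const pool = sets.join("");
  if (length < sets.length || length > 256 || pool.length > 256) {
    throw new RangeError("length must cover every set and stay within 256");
  }
  // One character from each set guarantees every class is present.
  const chars = sets.map((s) => s[uniformIndex(s.length, nextByte)]);
  while (chars.length < length) chars.push(pool[uniformIndex(pool.length, nextByte)]);
  // The guaranteed characters sit at the front; the shuffle removes that positional pattern.
  return shuffle(chars, nextByte).join("");
}
```

With 62 possible values, bytes 248 through 255 are rejected; accepting them would make the first 8 indices more likely than the rest.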
The captured page does not disclose a pricing model, payment methods, or a commercial edition, so pricing information is left blank. On the compliance side, the page repeatedly references NIST SP 800-63B, indicating that its password policy philosophy aligns with modern guidance—for example, reducing emphasis on mandatory complexity and emphasizing length. However, this does not mean the product itself has compliance certification.
Its strengths are clear privacy boundaries, low friction, and strong explainability. It is suitable for individuals generating strong passwords, checking the risk of old passwords, or security awareness training. Its limitations are that the product has a narrow scope: it cannot store, sync, or rotate passwords, nor does it provide enterprise password governance, access management, or operational support. It should be used as an auxiliary tool, not as a replacement for a password manager or IAM platform.
The page does not provide information about access from mainland China, payment options, or localization. In addition, the optional breach check depends on api.pwnedpasswords.com, so real-world availability may be affected by network conditions. China access is therefore rated as unknown. Alternatives include the generators in Bitwarden, 1Password, and KeePassXC, or directly using Have I Been Pwned’s Pwned Passwords capability.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, passwordmeter.com.
passwordmeter.com is an Unknown Security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of China direct-connect friendly.