Password Strength API - Score, Crack Time & Feedback
Analyze a password and receive a strength score (0-4), estimated time to crack, and specific suggestions for improvement. Based on pattern matching and entropy estimation, not a simple character-class check.
Code examples
curl -X POST https://api.botoi.com/v1/password/strength \
-H "Content-Type: application/json" \
-d '{"password":"MyS3cur3P@ssw0rd!"}'When to use this API
Real-time registration forms
Call this endpoint as users type their password during signup to show a strength meter and block weak passwords before form submission.
Security audit of existing accounts
Batch-check hashed password patterns (not plaintext) against known weak patterns to identify accounts that need a password reset.
Frequently asked questions
What do the score values mean?
0 = extremely weak, 1 = weak, 2 = fair, 3 = strong, 4 = very strong. A score of 3 or higher is generally acceptable.
How is crack time estimated?
The API estimates offline crack time assuming 10 billion guesses per second, which represents a motivated attacker with GPU hardware.
Does this check against leaked password databases?
No. The API evaluates password patterns and entropy locally. It does not check against breach databases like Have I Been Pwned.
Is the password logged or stored?
No. The password is processed in memory on the edge and discarded after the response is sent.
Get your API key
Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.