The functionality of How Secure Is My Password? is now available for use on your own site's registration forms. All of the features of the main site are available and many more are in the pipeline.


By paying for a license you support and encourage the ongoing development of How Secure Is My Password? and How Secure Is Their Password?.

How Secure Is Their Password? is available with various licenses:

  1. Non-Commercial/Educational Free

    The non-commercial license allows you to use the HSITP code on the sign-up page of non-commercial websites. It can also be used by educational institutions. A link back to should be visible somewhere on the page.

  2. Single Site £5

    The Single Site license allows you to use the HSITP code on a single commercial domain's sign-up page. Only applies to sites with less than 100,000 users. No attribution is needed.

  3. Multi Site £40

    The Multi Site license allows a single developer to use the HSITP code on the sign-up page of any commercial sites that they work on. Only applies to sites with less than 100,000 users. No attribution is needed.

  4. Corporate Negotiable

    The Corporate license can be used on sites with more than 100,000 users and may also be used on pages not used for sign-up (e.g. for marketing purposes). No attribution is needed. Please contact:

The HSITP code includes a list of the top 10,000 passwords compiled by and used with the permission of Mark Burnett.

Please test that the HSITP code works with your site before buying a license as they are non-refundable.

Purchase License


Once your purchase is complete you will be returned to this page. You will not receive any confirmation emails of a license key - licensing is done in good faith.

Your Setup

Your users' passwords are only as secure as the system in which they are used. Make sure your system handles passwords securely before including How Secure Is Their Password? on your site.



<input type="password" id="password" />
<p id="result"></p>

Make sure you include a reference to hsitp.min.js somewhere on your page (it is good practice to put <script> tags at the bottom of your page).


var password = document.getElementById('password'),
        result = document.getElementById('result');

    hsitp(password, result, { namedNumber: false });

The password element should be an <input> of some sort (probably of type="password"). The result element can be anything, most likely a <p> or <span>.

It can also take jQuery objects if that's your preference:

var password = $('#password'),
    result = $('#result');

hsitp(password, result, { namedNumber: false });

Currently, if jQuery returns more than one element (e.g. $('input') on a page with multiple inputs) only the first will be used.

hsitp.min.js can be used with AMD loaders (e.g. RequireJS). If the define function is present in your codebase the hsitp function will not be made global and the AMD system should be used instead.

Configuration Options


hsitp(password, result, {
    calculations: "4 billion",
    checksCallback: function (checks) {
    checksElem: document.getElementById('checks'), // or $('#checks')
    checksMessage: true,
    namedNumbers: true


Please read the Licensing information before downloading.

The hsitp.min.js file contains a list of the top 10,000 passwords - this makes up 93KB of its size.

Download (108KB minified, 47KB gzip)


Please send any bug reports to