Password Entropy Calculator

Calculate the exact entropy of any password configuration. See bits of randomness, total combinations, and estimated crack times at real-world attack speeds.

pwgen — entropy calculator
guest@pwgen:~$ entropy --length=16 --upper --lower --digits --symbols
Entropy (bits): 105.1
Combinations: 4.7 × 10²⁸
Crack time (GPU): 150 years
Pool size: 95
excellent · ~105 bits
[info] pure math — no pattern analysis · use strength checker for real passwords
[info] all calculations run locally · nothing is transmitted

What Is Password Entropy?

Password entropy is a measure of how unpredictable a password is, expressed in bits. It comes from Claude Shannon's information theory and quantifies the randomness in a password's construction. The formula is simple:

entropy = length × log₂(pool_size)

Each bit of entropy doubles the number of possible passwords. A password with 40 bits of entropy has 2⁴⁰ ≈ 1 trillion possible combinations. At 80 bits, there are 2⁸⁰ ≈ 1.2 × 10²⁴ combinations — more than the estimated number of grains of sand on Earth. At 128 bits, brute-forcing becomes infeasible even for nation-state attackers.

Entropy by Configuration

Length | Lower (26) | Lower+Digits (36) | Mixed+Digits (62) | All ASCII (95)
8 | 37.6 bits | 41.4 bits | 47.6 bits | 52.6 bits
12 | 56.4 bits | 62.0 bits | 71.5 bits | 78.8 bits
16 | 75.2 bits | 82.7 bits | 95.3 bits | 105.1 bits
20 | 94.0 bits | 103.4 bits | 119.1 bits | 131.4 bits
24 | 112.8 bits | 124.1 bits | 142.9 bits | 157.7 bits

Values assume truly random character selection from the full pool. Real passwords with patterns or dictionary words have lower effective entropy.

Crack Time at Different Speeds

Entropy | Online (1K/s) | GPU Fast (10B/s) | Bcrypt (100K/s)
30 bits | 12 days | instantly | 3 hours
40 bits | 35 years | 2 min | 127 days
50 bits | 36K years | 1.3 days | 357 years
60 bits | 37M years | 3.7 years | 366K years
80 bits | 3.8 × 10¹³ years | 3.8M years | 383B years
100 bits | 4 × 10¹⁹ years | 4 × 10¹² years | 4 × 10¹⁷ years
128 bits | 1.1 × 10²⁸ years | 1.1 × 10²¹ years | 1.1 × 10²⁶ years

Times represent worst case (full keyspace). Online assumes rate-limited login attempts. GPU assumes MD5/SHA-1 hashing. Bcrypt assumes cost factor 10.
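
The formula and the worst-case crack times above can be reproduced in a few functions. This is an added example, not this site's own code; the function names, the 365.25-day year, and the split of the 95-character pool into classes (symbols counted as 32 punctuation marks plus space) are assumptions.

```javascript
// Added example, not the site's code. Rates are the three attack speeds quoted on this page.
const RATES = { online: 1e3, gpuFast: 1e10, bcrypt: 1e5 }; // guesses per second
// Assumption: "symbols" = 32 punctuation marks plus space, giving the page's pool of 95.
const CLASS_SIZES = { lower: 26, upper: 26, digits: 10, symbols: 33 };
const UNITS = [['years', 31557600], ['days', 86400], ['hours', 3600], ['minutes', 60]];

// Pool size for the selected character classes.
function poolSize(classes) {
  return classes.reduce((n, c) => {
    if (!Object.hasOwn(CLASS_SIZES, c)) throw new Error(`unknown class: ${c}`);
    return n + CLASS_SIZES[c];
  }, 0);
}

// entropy = length × log2(pool_size); holds only for uniformly random characters.
function entropyBits(length, pool) {
  if (!Number.isInteger(length) || length < 1 || pool < 2) throw new RangeError('bad input');
  return length * Math.log2(pool);
}

// Shortest random password that reaches targetBits with this pool.
function minLength(targetBits, pool) {
  return Math.ceil(targetBits / Math.log2(pool));
}

// Worst-case time to walk the full keyspace at `rate` guesses per second.
function crackTime(bits, rate) {
  const seconds = 2 ** bits / rate;
  for (const [unit, size] of UNITS) {
    if (seconds >= size) return { value: seconds / size, unit };
  }
  return { value: seconds, unit: 'seconds' };
}

// Full report for one configuration: pool, bits, and a time per attack speed.
function report(length, classes) {
  const pool = poolSize(classes);
  const bits = entropyBits(length, pool);
  const times = {};
  for (const [name, rate] of Object.entries(RATES)) times[name] = crackTime(bits, rate);
  return { pool, bits, times };
}

const r = report(16, ['upper', 'lower', 'digits', 'symbols']);
console.log(r.pool, r.bits.toFixed(1), r.times);
console.log('lowercase length needed for 80 bits:', minLength(80, 26));
```

minLength answers the inverse question the tables do not: how long a random password must be to reach a target number of bits with a given pool.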

How to Increase Entropy

Increase Length (Most Effective)

Length has the biggest impact on entropy. Each additional character adds log₂(pool_size) bits — about 6.6 bits per character with the full ASCII set. Doubling password length doubles the entropy. Going from 8 to 16 characters increases combinations from 10¹⁵ to 10³¹.

Expand Character Set

Adding character types increases the pool size. Lowercase only = 26 chars (4.7 bits/char). Add uppercase = 52 (5.7 bits/char). Add digits = 62 (5.95 bits/char). Add symbols = 95 (6.57 bits/char). For a 16-character password, switching from lowercase to full ASCII adds 30 bits — equivalent to adding 6 extra lowercase characters.

Use Full Randomness

Entropy calculations assume every character is chosen uniformly at random from the pool. If you pick characters yourself, you'll unconsciously favor certain letters, avoid symbols, and create patterns. Always use a cryptographic random generator like our Password Generator.
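
Uniform selection is easy to get wrong even with a cryptographic source: mapping a random byte onto a 95-character pool with a plain modulo makes some characters more likely than others. The following added example (not this site's own generator; all names are assumptions) uses rejection sampling so each character is drawn uniformly, and includes a helper that shows the bias of the naive mapping.

```javascript
// Added example, not the site's code: uniform character selection via rejection sampling.
// Node < 19 has no global Web Crypto object, so fall back to node:crypto there.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// The 95 printable ASCII characters (0x20 to 0x7E), matching the page's largest pool.
const ASCII_95 = Array.from({ length: 95 }, (_, i) => String.fromCharCode(32 + i)).join('');

function csprngByte() {
  return webCrypto.getRandomValues(new Uint8Array(1))[0];
}

// Uniform integer in [0, n) for 1 <= n <= 256. Bytes >= limit are discarded,
// because folding them in with % n would make the low indexes more likely.
function uniformIndex(n, nextByte = csprngByte) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError('n must be 1..256');
  const limit = 256 - (256 % n); // largest multiple of n that fits in one byte
  for (;;) {
    const b = nextByte();
    if (b < limit) return b % n;
  }
}

// Returns the password and the entropy it actually carries for this pool.
function generatePassword(length, pool = ASCII_95, nextByte = csprngByte) {
  const chars = [...new Set(pool)]; // duplicate characters would skew the distribution
  if (chars.length < 2) throw new RangeError('pool needs at least 2 distinct characters');
  let password = '';
  for (let i = 0; i < length; i++) password += chars[uniformIndex(chars.length, nextByte)];
  return { password, bits: length * Math.log2(chars.length) };
}

// How often each index is hit by the naive `byte % n` over all 256 byte values.
function moduloBias(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return { min: Math.min(...counts), max: Math.max(...counts) };
}

console.log(generatePassword(16));
console.log(moduloBias(95)); // unequal counts mean the naive mapping is not uniform
```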

Avoid Patterns

Dictionary words, keyboard walks, repeated characters, and common substitutions (@ for a, 3 for e) dramatically reduce effective entropy. "P@ssw0rd!123" has 78 bits of theoretical entropy but near-zero effective entropy because it's in every attacker's wordlist.

Entropy vs Real-World Security

Pure entropy assumes randomness: The formula only holds if every character is chosen uniformly at random from the full pool.
Patterns reduce effective entropy: Dictionary words, keyboard walks, and repeated characters make passwords far weaker than their theoretical entropy.
Use strength tester for real passwords: Our Password Strength Checker analyzes actual patterns and penalties.
80+ bits is strong for random passwords: With truly random generation, 80 bits provides excellent protection against all known attack methods.

Frequently Asked Questions

What is password entropy?

Password entropy measures the randomness of a password in bits. It's calculated as length × log₂(pool size), where pool size is the number of possible characters. Higher entropy means more combinations an attacker must try. A truly random 16-character password using all ASCII printable characters has about 105 bits of entropy.

How many bits of entropy do I need?

For most online accounts, 60+ bits provides solid protection against brute-force attacks. For high-security applications like encryption keys or password manager master passwords, aim for 80+ bits. At 128 bits, your password is effectively uncrackable by any known or foreseeable technology.

Does entropy guarantee a password is secure?

No. Entropy assumes the password is truly random. A password like 'aaaaaaaaaaaaaaaa' is 16 characters but has near-zero effective entropy because it follows an obvious pattern. Use our Password Strength Checker to analyze real passwords with pattern detection. This calculator shows theoretical maximum entropy for a given configuration.

Why does length matter more than character set?

Entropy grows linearly with length but only logarithmically with pool size. Doubling the length doubles the entropy bits, while doubling the character set only adds one bit per character. A 20-character lowercase password (94 bits) is stronger than a 10-character password using all character types (65 bits).

What attack speed should I assume?

It depends on the threat model. Online attacks are limited to about 1,000 guesses/sec by rate limiting. Offline GPU attacks against weak hashes (MD5) can reach 10 billion guesses/sec. Against strong hashes like bcrypt, attackers are limited to about 100,000 guesses/sec. We show crack times for all three scenarios.

Is any data stored or transmitted?

No. All calculations run entirely in your browser using JavaScript. No passwords or parameters are sent to any server. You can verify by checking the network tab in your browser's developer tools.
