What is password entropy?

Password entropy is a measure of how unpredictable a password is, expressed in bits. It is calculated as: Entropy = Length × log₂(Character Pool Size). Higher entropy means a stronger, harder-to-crack password.

How many bits of entropy does a password need to be secure?

Security professionals recommend at least 80 bits of entropy for a strongly secure password. For highly sensitive applications, 100+ bits is preferred. A 12-character password using mixed case, numbers, and symbols achieves approximately 79 bits.

Advertisement (728x90)

🔐

💻 Tech & Computing

Password Entropy Calculator

Calculate the entropy and estimated crack time of a password based on character set size and length.

⚡ Instant 🆓 Free 🔒 Private

password entropy security strength hacking cybersecurity

Enter Password

Your password is never sent to any server — this runs entirely in your browser.

Lowercase

Uppercase

Digits

Symbols

Password Entropy & Cryptographic Strength

Password entropy is a measurement of how unpredictable (and thus secure) a password is. It is measured in bits — the higher the entropy, the more computationally expensive it is for an attacker to crack the password through brute force.

The Entropy Formula

Entropy (bits) = Password Length × log₂(Character Pool Size)

Where the character pool includes: lowercase (26), uppercase (26), digits (10), symbols (~32)

Entropy Strength Guidelines

Security professionals generally recommend passwords with at least 80 bits of entropy. A 12-character password using all four character sets achieves approximately 79 bits. Below 36 bits is considered very weak — a modern GPU cluster can crack such passwords in seconds.