The math, briefly
For a randomly generated password drawn from an alphabet of
N characters with length L:
entropy_bits = L × log2(N)
The alphabet size N is determined by which character classes appear in the password:
| Class | Characters | Adds to N |
|---|---|---|
| Lowercase | a–z | +26 |
| Uppercase | A–Z | +26 |
| Digits | 0–9 | +10 |
| Symbols (printable ASCII) | e.g. !@#$%^&* | +32 |
| Space | ' ' | +1 |
| Extended (UTF-8) | everything else | variable |
A 12-character password using lowercase + uppercase + digits +
symbols has alphabet 94 → 12 × log2(94) ≈ 78.6 bits.
That's the theoretical maximum, assuming each character was
chosen uniformly at random from the full alphabet.
Why human-chosen passwords are weaker than this math suggests
The formula assumes randomness. Humans pick patterns:
- Words from a dictionary, often capitalized at the start.
- Digits at the end.
- Symbols substituted for letters (a → @, e → 3).
- Personal info (birthday, kid's name).
Modern crackers know all of this. They don't try
aaaa, aaab, aaac —
they try common-word combinations first, and a "complex"
password like P@ssw0rd1 falls in seconds despite
appearing to have ~50 bits of entropy.
The widget above shows the apparent entropy (the math) with a warning when common patterns are detected. For a real attack-resistance estimate, use a tool that runs the zxcvbn algorithm.
How many bits is enough?
| Use case | Recommended floor |
|---|---|
| Throwaway forum account | 40 bits |
| Email, social media | 60 bits |
| Banking, work accounts | 80 bits |
| Password manager master password | 100 bits |
| Encryption key derivation | 128 bits |
Easiest way to hit 80+ bits: a passphrase of 5+ random words from a 5,000-word list (~12.3 bits/word × 5 = 61 bits — get to 80 with 7 words). The classic "EFF diceware wordlist" is 7,776 words and well-tested.
Crack-time math
Search space is 2^bits. On average an attacker
finds the password after searching half of it.
avg_seconds = (2^bits / 2) / guesses_per_second
Reasonable rates for a determined attacker in 2026:
- Online attack (rate-limited login API): ~10 guesses/sec. Even 40 bits is "centuries".
- Offline attack on bcrypt-12 hash: ~100,000 guesses/sec on consumer GPU. 60 bits ≈ years.
- Offline attack on plain SHA-256: ~1 trillion guesses/sec. 80 bits ≈ 18 years; 100 bits ≈ 19 million years.
- Offline attack on Argon2 (memory-hard): ~10,000 guesses/sec. Far slower than bcrypt because of the memory requirement.
Hash function matters more than you'd think. The same password is "instantly cracked" against unsalted MD5 and "uncrackable for centuries" against bcrypt-12. More on this.
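As an added example (not the page's widget or any project's code), here is a Python calculator that applies the L × log2(N) formula and character-class table from the top of the page, flags the human habits listed under "Why human-chosen passwords are weaker", and converts bits to average crack time at the rates just given. The mini word list, the leet-substitution map and the rule that each distinct non-ASCII character adds 1 to N are my own assumptions.

```python
import math
import re
import string

# Alphabet contribution of each character class (the table at the top of the page).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32, "space": 1}
# Guess rates from the crack-time section, in guesses per second.
RATES = {"online": 10, "bcrypt12": 1e5, "sha256": 1e12, "argon2": 1e4}
# Constructed mini word list standing in for a real dictionary (assumption).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey"}
# Undo the usual letter-for-symbol swaps (assumed map): @/4->a, 3->e, 0->o, 5/$->s, 1/!->i, 7->t
LEET = str.maketrans("@430517$!", "aaeositsi")


def alphabet_size(password: str) -> int:
    """N = sum of the sizes of the character classes present in the password."""
    members = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
               "digit": string.digits, "symbol": string.punctuation, "space": " "}
    present = {cls for cls in members if any(ch in members[cls] for ch in password)}
    # Assumption: each distinct non-ASCII ("extended") character adds 1, a conservative lower bound.
    extended = {ch for ch in password if ch not in string.printable}
    return sum(CLASS_SIZES[c] for c in present) + len(extended)


def apparent_entropy_bits(password: str) -> float:
    """entropy_bits = L x log2(N): the theoretical maximum, not real strength."""
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0


def pattern_warnings(password: str) -> list:
    """Flag the human habits listed above, which crackers try before brute force."""
    warnings = []
    core = re.sub(r"[^A-Za-z]+$", "", password)  # drop trailing digits/symbols first
    if core.translate(LEET).lower() in COMMON_WORDS:
        warnings.append("dictionary word (after undoing symbol substitutions)")
    if password[:1].isupper() and not any(c.isupper() for c in password[1:]):
        warnings.append("capitalized only at the start")
    if re.search(r"\d$", password):
        warnings.append("digits at the end")
    return warnings


def crack_time_years(bits: float, guesses_per_second: float) -> float:
    """avg_seconds = (2^bits / 2) / guesses_per_second, converted to years."""
    return 2 ** (bits - 1) / guesses_per_second / 31_557_600
```

Running `pattern_warnings("P@ssw0rd1")` returns all three warnings even though `apparent_entropy_bits` reports about 59 bits for it, which is the gap the text above describes.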
FAQ
What is password entropy?
A measurement of how unpredictable a password is, in bits. Entropy = log2(possible passwords). Each bit doubles the search space. 60 bits ≈ 10^18 possibilities; 80 bits is the modern recommended floor for high-value accounts.
How is entropy calculated?
For a randomly generated password from an alphabet of N characters with length L, entropy = L × log2(N). For human-chosen passwords this overstates real entropy because humans don't pick randomly — 'Password1!' has high apparent entropy and near-zero real entropy. zxcvbn estimates real entropy by trying common patterns.
Why does my password show low entropy when it has symbols and numbers?
Likely because the structure is predictable. 'Tr0ub4dor&3' (the famous XKCD example) is shorter than four random words and has lower entropy despite the symbols. Length contributes more than complexity once you cross ~12 characters.
Is bits-of-entropy the same as password strength?
Mostly — for random passwords. For human-chosen passwords, entropy estimates from tools like zxcvbn correlate with crack-time but aren't a perfect predictor. The right intuition: entropy is the floor of strength, not the ceiling.
How many bits do I actually need?
60 bits resists casual cracking. 80 bits is the modern minimum for accounts that matter. 100+ bits is appropriate for long-lived secrets (master passwords, encryption keys). For comparison, an Argon2-hashed 80-bit password takes thousands of years to brute-force at 2026 GPU rates.