Password Entropy Calculator
Measure your password's randomness in bits of entropy.
Shannon Entropy Explained Simply
Claude Shannon, the father of information theory, defined entropy as a measure of information content. For passwords, entropy answers: "If an attacker knows my password's format, how many guesses would they need?"
The formula is straightforward: H = L × log₂(R) where H is entropy in bits, L is password length, and R is the character pool size (the "alphabet" your password draws from).
Entropy vs. Practical Strength
Entropy assumes each character is chosen uniformly at random. A password like "aaaaaaaaaaaa" technically has 56 bits of entropy (12 × log₂(26)), but it would be cracked instantly because attackers try repeated characters first.
This is why entropy is a ceiling, not a guarantee. For a realistic assessment that accounts for patterns, use our Strength Checker alongside this calculator.
Recommended Entropy by Use Case
| Use Case | Minimum Entropy | Recommended |
|---|---|---|
| Low-value accounts (forums) | 36 bits | 50+ bits |
| Standard accounts (social media) | 50 bits | 65+ bits |
| High-value accounts (email, banking) | 65 bits | 80+ bits |
| Password manager master password | 80 bits | 100+ bits |
| Encryption keys | 128 bits | 128-256 bits |
Frequently Asked Questions
What is password entropy?
Entropy measures the unpredictability of a password, expressed in bits. Each bit doubles the number of possible combinations. A password with 80 bits of entropy has 2^80 (about 1.2 × 10^24) possible combinations — practically uncrackable by brute force.
How is entropy calculated?
Entropy = password length × log₂(pool size). The pool size depends on which character types are used: lowercase (26), uppercase (+26 = 52), digits (+10 = 62), symbols (+33 = 95). A 16-character password using all types: 16 × log₂(95) ≈ 105 bits.
How many bits of entropy do I need?
28-36 bits: weak (crackable in minutes). 36-50 bits: fair (hours to days). 50-65 bits: strong (years to millennia). 65-80 bits: very strong (effectively uncrackable). 80+ bits: overkill for current technology, but future-proof.
Does entropy account for password patterns?
The entropy shown here is the theoretical maximum assuming each character is chosen uniformly at random. Real-world entropy is lower if you used dictionary words, patterns, or personal information. Use our Strength Checker for pattern-aware analysis.
Is entropy the only measure of password security?
No. Entropy measures brute-force resistance but doesn't account for: password reuse (check with Leak Checker), phishing attacks, or how the service stores your password (MD5 vs bcrypt). Entropy is necessary but not sufficient.
What's the difference between entropy and keyspace?
Keyspace is the total number of possible passwords (e.g., 95^16 ≈ 4.4 × 10^31). Entropy is log₂(keyspace) — a more compact way to express the same thing. 105 bits of entropy = a keyspace of 2^105.