Password Entropy Calculator
How many bits of entropy does your password have?
Length
0
Pool size
0
Entropy (bits)
0.00
Combinations
0
Estimated time to crack (10^10/sec)
—
Type a password to see its entropy
Entropy = length × log2(pool size). The pool counts each character class you used (lowercase +26, uppercase +26, digits +10) plus the count of unique symbols.
Tips and related tools
Entropy is a useful but imperfect estimate — it assumes attackers don't know any structure about the password. For real-world security, also check whether your password has appeared in a breach and how strong it is against pattern-based attacks.
Frequently Asked Questions
What is password entropy?
Entropy is a measure of how unpredictable a password is, expressed in bits. Each bit doubles the number of guesses an attacker needs. A 40-bit password takes 2^40 ≈ 1 trillion guesses on average to crack; an 80-bit password takes 2^80 ≈ 1.2 × 10^24 guesses.
What is a good entropy value?
For low-risk accounts, 40+ bits is acceptable. For online accounts with lockouts, 60+ bits is comfortable. For high-value accounts (banking, master passwords), aim for 80+ bits. Random 16-character passwords with mixed character classes typically exceed 90 bits.
How is entropy calculated?
For a random password of length L drawn from a pool of P characters, entropy ≈ L × log2(P). This calculator estimates P by counting which character classes appear (lowercase, uppercase, digits) plus the number of unique symbols. The estimate is correct only if every character was chosen uniformly at random.
Is more entropy always better?
For security, yes — within reason. Beyond ~100 bits there's no practical difference for any threat model that can be defeated by brute force. Length and uniqueness usually matter more than squeezing the last few bits.
Related Tools
Continue your security workflow with these tools