What Is Password Entropy?
Password entropy measures, in bits, how unpredictable a password is. Each extra bit doubles the number of guesses an attacker must make on average. A password with 40 bits of entropy has roughly a trillion possible combinations, while 80+ bits is considered very strong against modern brute-force attacks. This tool gives a generic mathematical estimate: it does not account for dictionary words, predictable patterns, or reuse.
How to Use This Calculator
Enter the length of your password and tick the character sets it draws from: lowercase letters (26), uppercase letters (26), digits (10), and symbols (≈32). The calculator sums those into the charset size \(R\), then computes entropy assuming each character is chosen randomly and independently.
The Formula Explained
Entropy is $$E = L \times \log_{2}(R)$$ where \(L\) is the number of characters and \(R\) is the charset size. The base-2 logarithm converts the total number of combinations (\(R^{L}\)) into bits, because each bit represents one binary yes/no decision. Equivalently, \(E = \log_{2}(R^{L})\).
Worked Example
A 12-character password using lowercase + uppercase + digits has \(R = 26 + 26 + 10 = 62\). So $$E = 12 \times \log_{2}(62) = 12 \times 5.954 \approx 71.45 \text{ bits}$$ with \(62^{12} \approx 3.2 \times 10^{21}\) possible combinations — strong enough for most uses.
FAQ
How many bits is "secure"? A common guideline: 60+ bits is decent, 80+ bits is strong, and 100+ bits is excellent for high-value accounts.
Does this measure my actual password? No. It assumes truly random characters. A 12-character password like "Password1234" has far less real entropy because it follows guessable patterns.
Why use \(\log_{2}\)? Entropy is measured in bits, and one bit doubles the guessing effort — exactly what a base-2 logarithm captures.
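The formula, the worked example and the "Password1234" caveat from the FAQ, as an added Python example (not this calculator's own code). The function names and the "below guideline" label are assumptions, and the symbol set is taken as exactly 32 characters.

```python
import math
import string

# Charset sizes as listed on this page (symbols assumed to be exactly 32).
CHARSETS = {"lower": 26, "upper": 26, "digits": 10, "symbols": 32}

def charset_size(classes):
    """R: sum of the sizes of the ticked character classes."""
    return sum(CHARSETS[c] for c in set(classes))

def entropy_bits(length, classes):
    """E = L * log2(R); valid only for random, independent characters."""
    r = charset_size(classes)
    return length * math.log2(r) if length > 0 and r > 0 else 0.0

def classes_in(password):
    """Classes a typed password draws from; non-alphanumerics count as symbols."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digits")
        else:
            found.add("symbols")
    return found

def min_length(target_bits, classes):
    """Smallest L such that L * log2(R) >= target_bits."""
    r = charset_size(classes)
    if r < 2:
        raise ValueError("need at least one character class")
    return math.ceil(target_bits / math.log2(r))

def rating(bits):
    """FAQ guideline; 'below guideline' is a label assumed for this example."""
    for floor, label in ((100, "excellent"), (80, "strong"), (60, "decent")):
        if bits >= floor:
            return label
    return "below guideline"

if __name__ == "__main__":
    alnum = ["lower", "upper", "digits"]
    print(f"random 12 chars: {entropy_bits(12, alnum):.2f} bits")
    # Same length and classes, so the formula gives the same score even though
    # "Password1234" is a guessable pattern: the estimate is an upper bound.
    pw = "Password1234"
    bits = entropy_bits(len(pw), classes_in(pw))
    print(f"{pw!r}: {bits:.2f} bits -> {rating(bits)}")
    print("length for 80 bits:", min_length(80, alnum))
```

Because the score depends only on length and character classes, a patterned password and a random one of the same shape get the same number, so the result should be treated as a ceiling rather than a measurement.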