Skip to content
Back to Blog
passwordsentropypassword-checkerexplainer

What Is Password Entropy? (Plain-English)

Password strength meters love to flash 'weak' or 'strong,' but the real number underneath is entropy, measured in bits. Here is what entropy actually means, the simple formula, how it translates to crack time, and why zxcvbn beats naive bit-counting.

SZ
Founder, Molixa
14 min read
Share
What Is Password Entropy? (Plain-English)
Table of contents8 sections

Password entropy is a measure of how unpredictable a password is, expressed in bits. The more bits of entropy, the more guesses an attacker needs to crack it, and the math is exponential: every extra bit doubles the work. So when a strength meter calls your password "weak" or "strong," what it is really estimating underneath is its entropy. This guide explains what password entropy means in plain English, the formula that produces it, how bits map to real crack time, and the big trap that makes naive entropy lie to you.

Most explainers fail in one of two ways. They either bury you in logarithm math, or they shrink the idea down to a slogan like "use 12 characters" and skip the part that actually matters. The truth sits in the middle, and once you see it, you will never trust a green strength bar at face value again.

What Is Password Entropy, in Plain English#

Think of entropy as the size of the haystack an attacker has to search. A password drawn from a tiny set of possibilities is a small haystack. One drawn from a huge set is a giant one. Entropy puts a number on that haystack, and it uses bits because computers and cryptographers count in powers of two.

One bit means two possibilities. Two bits mean four. Ten bits mean 1,024. The pattern is that each bit doubles the number of possible passwords an attacker must try. That doubling is the whole reason entropy is the right unit: it captures exponential growth in a single tidy number.

Key idea: entropy measures the number of guesses an attacker needs, not how clever your password looks. "Tr0ub4dor&3" looks complicated to a human and is famously weak. A random four-word phrase looks simple and is far stronger.

So password entropy is not a quality score for how exotic your characters are. It is a guess-count, measured in bits, that tells you how big the search space is. Bigger search space, more bits, harder to crack. That is the entire concept.

Why bits and not just "number of guesses"#

You could express strength as a raw number of guesses, but those numbers get unwieldy fast. A strong password might require billions of trillions of attempts. Saying "80 bits" is cleaner than writing out a 24-digit number, and it keeps the comparisons intuitive: 80 bits is exactly 1,000 times the search space of 70 bits, because 10 extra bits means 2 to the power of 10, which is 1,024.

This is why security people talk in bits. It compresses astronomically large guess counts into small, comparable figures.

The Password Entropy Formula#

Here is the formula every entropy calculator uses for a randomly generated password:

Entropy (bits) = length × log2(pool size)

Two inputs feed it:

  • Pool size: how many distinct characters the password could contain. Lowercase only is 26. Add uppercase and you have 52. Add digits, 62. Add common symbols and you reach roughly 95 printable ASCII characters.
  • Length: how many characters the password has.

The log2(pool size) part tells you how many bits each character contributes. Lowercase letters give about 4.7 bits each. The full 95-character set gives about 6.6 bits per character. Then you multiply by length.

A worked example#

Say you generate a 12-character password using all 95 printable characters:

  • Bits per character = log2(95) ≈ 6.57
  • Total entropy = 12 × 6.57 ≈ 79 bits

Now compare a few common setups so the relationship is concrete:

Password recipePool sizeLengthApprox. entropy
Lowercase only268~38 bits
Lower + upper + digits628~48 bits
All printable ASCII958~53 bits
All printable ASCII1212~79 bits
All printable ASCII1616~105 bits
4 random dictionary words~7,776 words4 words~52 bits
6 random dictionary words~7,776 words6 words~78 bits

Two things jump out. First, length moves the needle far more than adding character types. Going from 8 to 16 characters roughly doubles your bits, while bolting symbols onto a short password barely helps. Second, a six-word random passphrase (each word adding about 12.9 bits) lands near a 12-character random string, which is why memorable passphrases can be genuinely strong.

Warning: this formula is only honest if the password is generated by something truly random. The moment a human picks the characters, the formula starts overstating strength badly. That trap is the heart of this article, and we get to it next.

How Entropy Maps to Crack Time#

Bits are abstract until you turn them into time. To do that you need one more number: how many guesses per second an attacker can make. That depends entirely on the attack scenario, and the difference between scenarios is enormous.

Online vs offline attacks#

  • Online attack: the attacker types guesses into a live login form. Rate limiting, lockouts, and network latency cap them at maybe a few guesses per second to a few hundred. Even a modest password survives this for centuries.
  • Offline attack: the attacker has stolen a database of password hashes and is cracking them on their own hardware. With GPUs they can try billions to hundreds of billions of guesses per second against a fast hash, far more with specialized rigs.

The offline case is the one that matters, because the worst case is what you plan for. A leaked database is exactly when your password's raw entropy is tested at full speed.

Crack-time estimates by entropy level#

The table below assumes a serious offline attacker running about 100 billion (10^11) guesses per second against a weakly protected hash. On average an attacker finds a password after searching half the space, so these are realistic averages, not absolute worst cases.

EntropySearch spaceAvg. crack time at 10^11 guesses/sec
40 bits~1.1 trillionSeconds
50 bits~1.1 quadrillionA few hours
60 bits~1.15 quintillionA few months
70 bits~1.18 sextillion~180 years
80 bits~1.2 septillion~190,000 years
100 bits~1.27 nonillionLonger than the age of the universe

This is why 80 bits is the commonly cited bar for a strong password entropy floor. At 80 bits, even an attacker with massive hardware and a fast, poorly protected hash is looking at geological timescales. Below about 50 bits, you are in trouble the moment a database leaks.

Two caveats keep this honest. If the site stores passwords with a slow, salted hash like bcrypt or Argon2, the attacker's guess rate collapses by orders of magnitude, and even 60 bits buys real safety. And if the site stores them badly (fast unsalted hashes, or worse, plaintext), no entropy saves a short password. You do not control which it is, so aim high.

The Big Trap: Why Naive Entropy Lies#

Here is the part almost every entropy explainer skips, and it is the most important thing on this page. The formula length × log2(pool size) assumes every character is chosen independently and uniformly at random. Humans do not pick passwords that way. We pick patterns.

Consider "Password123!" It has 12 characters from a 95-character pool, so naive math says about 79 bits, supposedly elite-tier. In reality it is one of the most common passwords on earth. A real attacker does not brute-force it character by character. They try a dictionary of leaked passwords and common patterns first, and "Password123!" falls in milliseconds. Its real entropy is closer to 10 bits than 79.

The mistakes that wreck naive entropy:

  • Dictionary words: "dragon" looks like 6 random characters but is one guess from a wordlist.
  • Predictable substitutions: swapping "a" to "@" or "o" to "0" is the first thing crackers try. It adds almost nothing.
  • Keyboard walks: "qwerty", "asdfgh", and "1qaz2wsx" are patterns, not randomness.
  • Dates and years: "1990", "2024", and birthdays shrink the space dramatically.
  • Capitalize-first, digit-last: "Sunshine2024!" follows a template attackers model directly.

The lesson: naive entropy measures the password as if it were random, but a human-chosen password is predictable, so its real, attacker-facing entropy is far lower. This gap is why a simplistic strength meter can show a reassuring green bar on a password an attacker cracks instantly.

Why generated passwords are the exception#

Everything above is an argument for not choosing passwords yourself. When a tool draws characters using cryptographic randomness, the naive formula is accurate, because there is no pattern to exploit. That is the whole point of a generator: it gives you a password whose real entropy actually equals its calculated entropy. If you want passwords where the math is trustworthy, generate them with a tool that uses real randomness, like the free password generator, rather than inventing them in your head.

How zxcvbn Estimates Real Strength#

Because naive bit-counting is so misleading for human passwords, the best modern strength meters do not use it alone. They use an algorithm called zxcvbn, originally built by Dropbox, and it is what powers serious password-strength checkers.

Instead of assuming randomness, zxcvbn assumes the attacker is smart. It scans your password for the patterns humans actually use and prices each one at its real-world guess cost:

  • It detects dictionary words (including leetspeak variants like "p@ssw0rd").
  • It recognizes keyboard patterns, sequences, and repeats.
  • It spots dates, years, and common name patterns.
  • It checks against lists of the most common leaked passwords.

Then it estimates the total guesses an attacker would need, accounting for the cheapest path to your specific password, and converts that into a strength score and a crack-time estimate. The result is a realistic number, not an optimistic one.

The practical takeaway: a zxcvbn-based meter will tell you "Password123!" is terrible even though naive math says 79 bits. It is modeling the attacker, not the keyboard.

This is exactly how a trustworthy password strength checker works. It runs zxcvbn locally in your browser, shows you the realistic entropy and crack time, and flags the specific weakness (a dictionary word, a year, a keyboard walk) so you know what to fix. Because it runs client-side, your password never leaves your device, which matters: you should never type a real password into a site that sends it anywhere.

Naive entropy vs zxcvbn at a glance#

Naive entropy (pool^length)zxcvbn estimate
AssumesEvery character is randomAttacker exploits human patterns
"Password123!"~79 bits (very wrong)~10 bits (realistic)
Random 16-char string~105 bits (accurate)~105 bits (accurate)
Best forGenerated passwordsHuman-chosen passwords
RiskMassively overstates strengthClose to real attacker cost

How Many Bits Do You Actually Need?#

There is no single magic number, but these tiers reflect real-world consensus:

  • Under 50 bits: weak. Survives an online attack but falls quickly in an offline crack. Avoid for anything that matters.
  • 50 to 70 bits: moderate. Fine for low-stakes accounts, especially if the site uses a slow hash, but not where breach impact is high.
  • 70 to 80 bits: strong. A reasonable target for important accounts. A 6-word passphrase or a 12-plus character random string gets you here.
  • 80 bits and above: very strong. The recommended floor for anything sensitive (email, banking, password-manager master password). Aim here.
  • 100-plus bits: overkill for almost everyone, but cheap to reach with a 16-character random password or a 7-word passphrase, and a fine default.

The simplest way to hit a strong target without doing log2 math in your head: use 16-plus random characters, or a 6-to-7 word random passphrase, and let a checker confirm the number. Length is your cheapest source of bits, so when in doubt, make it longer rather than weirder.

For deeper guidance on choosing length specifically, our walkthrough on how long a password should be in 2026 breaks down the length targets per account type, and a strong password generator will produce one at your chosen entropy in one click.

What Password Entropy Means for You#

Password entropy is the honest measure of how hard your password is to guess, counted in bits, where each bit doubles the attacker's work. The formula (length × log2 of the pool size) is exact for truly random passwords and dangerously optimistic for human-chosen ones, because people fall into patterns that smart attackers exploit first. That gap is why you should trust a zxcvbn-based meter over a green bar that just counts characters.

The practical version comes down to three moves. Aim for at least 80 bits on anything that matters. Get those bits from length and real randomness, not from sprinkling symbols on a word you can remember. And verify the real number with a checker that models the attacker rather than the keyboard. Run any password through a free password strength checker to see its actual entropy and crack time before you rely on it.

Frequently Asked Questions#

What is password entropy in simple terms? Password entropy is a measure of how unpredictable a password is, expressed in bits, where each bit doubles the number of guesses an attacker needs. Higher entropy means a bigger search space and a longer crack time. It estimates resistance to guessing, not how exotic the password looks to a human.

How do you calculate password entropy? For a truly random password, entropy in bits equals the length multiplied by log2 of the character pool size. A pool of 95 printable characters gives about 6.6 bits per character, so a 12-character random password has roughly 79 bits. This formula only holds when the characters are chosen randomly, not by a person.

How many bits of entropy is a strong password? Around 80 bits is the widely cited floor for a strong password, because even a fast offline attacker would need hundreds of thousands of years on average to crack it. For low-stakes accounts, 60 to 70 bits is usually fine, especially when the site uses a slow hash like bcrypt or Argon2. For sensitive accounts, aim for 80 bits or more.

Why does my complicated password show as weak? Because strength meters that use zxcvbn model how attackers actually guess, not the naive character-count formula. A password like "Tr0ub4dor&3" or "Password123!" uses predictable words, substitutions, and patterns that crackers try first, so its real entropy is far below the theoretical figure. Length and genuine randomness raise your real score, not clever-looking substitutions.

Is a passphrase higher entropy than a random password? It can be, and it is easier to remember. Each random word from a roughly 7,776-word list adds about 12.9 bits, so a 6-word passphrase reaches about 78 bits, comparable to a 12-character random string. The catch is the words must be chosen randomly, not picked by you, or the entropy collapses.

Does adding symbols increase password entropy a lot? Less than people expect. Adding symbols grows the per-character pool from 62 to about 95, which adds roughly 0.6 bits per character. Adding a few more characters of length usually buys far more entropy than swapping in symbols, which is why long passphrases and longer random strings outperform short "complex" passwords.

passwordsentropypassword-checkerexplainer

More from Molixa

Try Molixa Tools

50+ free AI tools for content creation, SEO, coding, and more. No signup, no watermark.

Explore all tools