Password Entropy Explained: How Strong Is Your Password
Your 8-character password can be cracked in under 5 hours by a modern GPU cluster. Your 12-character one might take 1.2 million years. The difference comes down to entropy—a mathematical property that quantifies just how hard it is to guess your password.
Understanding password entropy explains why some passwords feel secure while others collapse instantly under attack. It’s the foundation of password policy, password generator design, and how security teams set requirements. For practical guidance on creating strong passwords, see the Strong Password Guide.
What is Password Entropy?
Entropy is the information-theoretic measure of unpredictability. For passwords, it answers this question: how many guesses does an attacker need, on average, to break a password?
Entropy is not the same as password complexity. A 20-character string composed of a predictable pattern (repeated character, sequential keyboard walk, or phrase with substitutions) has low entropy despite its apparent length. A 12-character random string from a full character set has much higher entropy and is far more secure.
The term comes from Claude Shannon’s foundational 1948 work on information theory. For passwords, we measure entropy in bits, where one additional bit doubles the number of possible guesses required.
The Entropy Formula
The entropy of a password is calculated as:
H = L × log₂(N)Where:
- H = entropy in bits
- L = password length (number of characters)
- N = alphabet size (number of possible characters)
The formula assumes the password is randomly selected from a uniform distribution across the character set. This is crucial: the formula only applies to machine-generated passwords, not human-chosen ones.
Character Set Sizes
The size of your alphabet determines how much entropy each character contributes:
| Character Class | Size | Example |
|---|---|---|
| Lowercase only | 26 | abcdefghijklmnopqrstuvwxyz |
| Uppercase only | 26 | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| Digits | 10 | 0123456789 |
| Lowercase + Uppercase | 52 | a-zA-Z |
| Lowercase + Digits | 36 | a-z0-9 |
| Full ASCII (letters, digits, symbols) | 94 | a-zA-Z0-9!@#$%^&*(…) |
Worked Examples
Let’s calculate actual entropy for common scenarios:
8-character lowercase password:
H = 8 × log₂(26)
H = 8 × 4.7 = 37.6 bitsAt 10 billion guesses per second (GPU capacity), this requires ~10 seconds to crack.
12-character full ASCII password:
H = 12 × log₂(94)
H = 12 × 6.55 = 78.6 bitsAt the same rate, this requires ~726,000 years.
16-character full ASCII password:
H = 16 × log₂(94)
H = 16 × 6.55 = 104.8 bitsThis exceeds the computing power of any realistic attacker by astronomical margins.
20-character full ASCII password:
H = 20 × log₂(94)
H = 20 × 6.55 = 131 bitsThis approaches the entropy needed for encryption keys, far beyond typical password requirements.
How Fast Can Passwords Be Cracked?
Crack time depends on three factors: entropy (how many possible passwords), attack speed (guesses per second), and whether the attacker can use shortcuts (wordlists, rainbow tables, GPU acceleration).
Cracking Speed by Entropy
Here’s a practical reference table:
| Entropy (bits) | Alphabet | Example Length | Guess Time (10B/sec) | GPU Time |
|---|---|---|---|---|
| 40 | 94 | 6 chars | 12 hours | 90 seconds |
| 50 | 94 | 8 chars | 13 days | 2 hours |
| 60 | 94 | 10 chars | 36 years | 27 hours |
| 80 | 94 | 12 chars | 1.2M years | 8 months |
| 100 | 94 | 15 chars | 1.3B years | 40 years |
| 128 | 94 | 19 chars | unrealistic | 3000+ years |
The “10B/sec” column assumes standard CPUs. The “GPU Time” column uses a modern GPU cluster (10 trillion hashes/second), which is realistic for attackers with resources.
Key insight: Beyond 80 bits of entropy, the time to crack becomes impractical even with GPU clusters.
Length vs Complexity: The Numbers
A common misconception: adding uppercase, numbers, and symbols is the best way to increase entropy. The math tells a different story.
Case Study: 8 vs 16 Characters
Option A: 8-character full ASCII (uppercase, lowercase, digits, symbols)
H = 8 × log₂(94) = 52.4 bits
Crack time at 10B guesses/sec: ~7 hoursOption B: 16-character lowercase only
H = 16 × log₂(26) = 75.2 bits
Crack time at 10B guesses/sec: ~500 yearsOption B is 1000 times more secure despite using no numbers or symbols. Length dominates complexity.
The Ideal Approach
The strongest passwords combine both:
20-character mixed case with symbols:
H = 20 × log₂(94) = 131 bitsThis is overkill for most user accounts but appropriate for API keys, encryption keys, and master passwords.
16-character mixed case with symbols:
H = 16 × log₂(94) = 104.8 bitsThis is the practical sweet spot: high entropy, reasonable length, usable in most systems.
Why Human-Chosen Passwords Fail
The entropy formula assumes uniform random selection. Human-chosen passwords violate this assumption catastrophically.
The Effective Entropy Gap
Research by password security experts (Bonneau, 2012) estimated the effective entropy of user-chosen passwords:
- Enforced complexity rule (uppercase, digit, symbol): 20-30 bits effective entropy
- Standard user-chosen password: 10-15 bits effective entropy
- Machine-generated random password: 95%+ of theoretical entropy
Humans are predictable. They capitalize the first letter, append a digit at the end, use common words, and follow patterns that attackers enumerate in attack dictionaries.
Why Wordlists Win Against Complexity
The rockyou.txt dataset (14 million real passwords leaked in 2009) includes:
Password1,Welcome1,Login123(word + capitalization + digit)Abc123def!,P@ssw0rd(leet-speak substitutions)- Common names + years (
John2024,Sarah1990) - Keyboard walks (
qwerty123,1qaz2wsx)
Modern attack dictionaries contain hundreds of millions of common passwords and their variations. An attacker’s first 10 billion guesses will crack the vast majority of human-chosen passwords, regardless of your complexity rules.
This is why NIST SP 800-63B (2024) shifted away from mandatory complexity and toward minimum length + checking against breached password lists.
Real-World Attack Vectors
Brute force is the slowest attack method. Real attackers use shortcuts:
Dictionary Attacks
An attacker tests wordlists—lists of common words, phrases, previous breaches, and rule-based variations.
Time to test 1 billion passwords: seconds to minutes.
Rainbow Tables
Precomputed hashes of common passwords stored in a lookup table. If a password database is breached and passwords aren’t properly hashed, rainbow tables match hashes to plaintext in microseconds.
Defense: Use a proper password hashing function (bcrypt, Argon2) that is slow and unique per password, making rainbow tables impractical.
GPU Acceleration
A single modern GPU can compute:
- 10 billion SHA-256 hashes per second
- 100 million bcrypt hashes per second (bcrypt is intentionally slow)
Botnets and cloud instances with GPU access make this accessible to well-resourced attackers.
Credential Stuffing
When a service is breached and passwords leak, attackers test those credentials against every other service. The HaveIBeenPwned database tracks 14 billion+ breached accounts for exactly this reason.
Defense: Use a unique password for every service and enable multi-factor authentication.
How to Generate High-Entropy Passwords
Machine generation is the only reliable way to achieve the entropy the formula predicts.
Using Cryptographically Secure Randomness
The Web Crypto API’s crypto.getRandomValues is the browser standard:
function generatePassword(length: number, charset: string): string {
const chars = charset.split("");
const randomValues = new Uint32Array(length);
crypto.getRandomValues(randomValues);
return Array.from(randomValues)
.map((val) => chars[val % chars.length])
.join("");
}
const CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:,.<>?";
const password = generatePassword(16, CHARSET);This generates a password with entropy of approximately 104.8 bits—extremely difficult to crack.
Server-Side Generation
Python’s secrets module uses the OS entropy pool directly:
import secrets
import string
def generate_password(length: int = 16) -> str:
alphabet = string.ascii_letters + string.digits + string.punctuation
return "".join(secrets.choice(alphabet) for _ in range(length))Never use random.choice() for security—it’s not cryptographically secure.
Diceware Passphrases
For memorable passwords, Diceware (rolling dice to select words from a large wordlist) offers comparable entropy:
4 words from EFF list: 4 × log₂(1296) ≈ 51.6 bits
6 words from EFF list: 6 × log₂(1296) ≈ 77.5 bitsA 6-word Diceware passphrase is roughly equivalent to a 12-character full-ASCII password, but more memorable.
Generate strong passwords instantly with the Password Generator tool.
Common Mistakes
Mistake 1: Trusting Complexity Over Length
Adding uppercase and symbols provides marginal entropy gains compared to doubling the length.
16 lowercase characters (75 bits) beats 8 mixed case (52 bits) by a wide margin.
Mistake 2: Assuming Human Memory = Security
Passwords you can remember are passwords attackers can guess. If you can memorize it, it likely follows patterns that are well-represented in attack dictionaries.
Use a password manager for non-memorable passwords and reserve human memory for the master password only.
Mistake 3: Relying on Obscurity in Passwords
Leetspeak (p@ssw0rd, s3curity) is enumerated in every modern attack ruleset. It doesn’t add meaningful entropy.
Mistake 4: Ignoring Breached Password Lists
Even a high-entropy password is worthless if it was exposed in a previous breach. Check your passwords against HaveIBeenPwned or similar services.
Mistake 5: Forgetting That Entropy Assumes Randomness
A password that looks random but is actually derived from a seed or pattern has far lower effective entropy than the formula suggests. Only cryptographic randomness (CSPRNG) counts.
Frequently Asked Questions
What entropy is considered strong?
For user accounts, 60 bits is adequate. For high-value accounts (admin, financial, email recovery), 80 bits is recommended. For API keys and encryption keys, 128 bits or more is standard.
How does entropy relate to password managers?
Password managers store passwords encrypted, so only the strength of the manager’s master password matters for the manager itself. The master password should have at least 80 bits of entropy. Generated passwords in the manager can exceed this without penalty since they’re encrypted.
Can I calculate entropy for my own password?
Yes, using the formula, but only if the password is truly random. If you chose it yourself, the effective entropy is much lower—typically 10-20 bits regardless of the formula’s result.
Is a 12-character password always stronger than 10 characters?
Not necessarily. A 10-character password from a full ASCII alphabet (94 characters) has 65.5 bits of entropy. An 8-character password from a 256-character alphabet has 64 bits. Length and character set size both matter, but in most practical scenarios, the difference comes down to what alphabet is supported.
How do password expiration and rotation affect entropy?
They don’t. A weak password doesn’t become strong by being rotated. However, rotation is useful after a breach to limit the window an attacker has to crack or misuse the old password.
What if a service doesn’t allow special characters?
It reduces your alphabet size and entropy per character. An 8-character alphanumeric password has 47.6 bits of entropy versus 52.4 bits with symbols. Prefer a longer password (12 alphanumeric) to compensate.
Conclusion
Password entropy quantifies security in bits. Every additional bit of entropy doubles the computational effort to crack the password. This mathematical foundation explains why length matters far more than complexity and why machine generation beats human invention.
For modern security: use a minimum of 12 characters for human-chosen passwords and 16-20 for anything generated by a system. Always use a proper password hashing function (bcrypt, Argon2) if storing passwords.
Generate cryptographically random passwords with the Password Generator tool, then verify hash security with the Hash Generator for stored credentials.