How strong is your password really? Entropy explained
Most password advice fixates on the wrong thing. Add a capital letter, a number, a symbol, and a strength meter turns green. That meter is measuring the wrong property. What actually determines how hard a password is to guess is its entropy, measured in bits. Once you understand entropy, the usual rules about symbols and substitutions stop looking clever and start looking like noise.
What entropy actually measures
Entropy is a measure of unpredictability. For a password, it answers one question: how many equally likely possibilities would an attacker have to consider to be sure of finding yours?
If a password is drawn at random from a set of N equally likely possibilities, its entropy in bits is:
entropy = log2(N)
The search space N is the size of the character set raised to the length of the password:
N = charsetSize ^ length
So entropy can be written directly as:
entropy = length * log2(charsetSize)
The character set sizes you care about:
- digits only: 10
- lowercase letters: 26
- lowercase and uppercase: 52
- letters, digits, and common symbols: roughly 95 (printable ASCII)
Each character drawn from a 95 character set contributes about 6.6 bits (log2 of 95). Each character drawn from a 26 character set contributes about 4.7 bits. The key word is contributes: every additional character adds that many bits, every time.
Why length beats complexity
Here is the part most strength meters get backwards. Look at the formula again:
entropy = length * log2(charsetSize)
Length is a multiplier. Character set size only changes the per-character value through a logarithm, which grows slowly. Going from 26 characters to 95 characters multiplies the search space per position, but only raises per-character entropy from about 4.7 bits to about 6.6 bits. Adding one more character to the password adds the full per-character value again.
Compare two passwords:
- Tr0ub4d (7 characters, full symbol set): about 7 times 6.6, near 46 bits
- correcthorsebatterystaple (25 lowercase characters): about 25 times 4.7, near 117 bits
The longer, all-lowercase passphrase is vastly stronger, and far easier to remember. This is why length dominates. Complexity rules push people toward short passwords that are hard for humans and easy for machines.
Why human passwords are weaker than the math says
The formula above assumes every character is chosen independently and at random. Humans do not do that. The moment a person picks the password, the equally likely assumption collapses.
People put capitals at the front and digits and symbols at the end. They use real words, names, dates, and keyboard patterns. They make predictable substitutions: a becomes @, s becomes $, o becomes 0. Attackers know all of this. They do not brute force the full theoretical search space. They run dictionary attacks, common pattern rules, and leaked password lists first.
So P@ssw0rd! has a theoretical entropy near 59 bits but a practical entropy close to zero, because it sits near the top of every cracking wordlist. Real entropy only exists when the selection is genuinely random. That is why a password manager generating random strings, or a passphrase built from randomly chosen words, beats anything a person invents by hand.
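The following is an added example, not code from the article or from the site's own analyzer. It implements the formula from the entropy section and the comparison of the two passwords above, then models the "practical entropy" point of this section: a normalisation step that undoes the three substitutions the article names, strips the trailing digits and symbols people append, and looks the result up in a tiny constructed wordlist standing in for a real cracking list. The 33-symbol count (so that 10 + 26 + 26 + 33 = 95), the `passphraseBits` helper, and the sample wordlist are assumptions made here. One caveat the helper makes visible: a passphrase built by picking words from a list has `words * log2(listSize)` bits against an attacker who knows the method, which is less than the per-letter figure the article uses as an illustration.

```javascript
// Added example (not the article's own code). Theoretical entropy from the
// article's formula, then a "practical" estimate that accounts for the human
// habits the article lists. The wordlist is a constructed sample standing in
// for the leaked-password lists attackers try first.

// Character-set sizes as in the article: 10 digits, 26 lowercase, 26 uppercase,
// and (assumed) 33 symbols, giving the 95 printable-ASCII set.
const CLASSES = [
  { size: 26, re: /[a-z]/ },
  { size: 26, re: /[A-Z]/ },
  { size: 10, re: /[0-9]/ },
  { size: 33, re: /[^a-zA-Z0-9]/ }, // anything else is counted as a symbol (approximation)
];

// Smallest standard character set that contains every character in the password.
function charsetSize(password) {
  return CLASSES.filter((c) => c.re.test(password)).reduce((n, c) => n + c.size, 0);
}

// entropy = length * log2(charsetSize). The set size may be passed explicitly
// (95 when a generator drew from all printable ASCII, as the article assumes
// for Tr0ub4d) or detected from the characters actually present.
function entropyBits(password, size = charsetSize(password)) {
  return password.length === 0 ? 0 : password.length * Math.log2(size);
}

// Entropy of a passphrase made of `words` words drawn uniformly from a list of
// `listSize` words: an attacker who knows the method guesses words, not letters.
function passphraseBits(words, listSize) {
  return words * Math.log2(listSize);
}

// --- practical side ---------------------------------------------------------

// Constructed sample of a cracking wordlist, most common first.
const COMMON = ["123456", "password", "qwerty", "letmein", "welcome", "monkey", "dragon"];

// The substitutions named in the article.
const SUBS = { "@": "a", "$": "s", "0": "o" };

// Model a cracking rule set: drop trailing digits/symbols people append, undo
// the substitutions, and ignore case.
function normalize(password) {
  return password
    .replace(/[^a-zA-Z]+$/, "")
    .replace(/[@$0]/g, (ch) => SUBS[ch])
    .toLowerCase();
}

// Guesses an attacker needs: the wordlist rank if the normalized form is on the
// list, otherwise the full theoretical space (2^bits). Practical entropy is the
// log2 of that guess count.
function practicalEstimate(password) {
  const theoretical = entropyBits(password);
  const base = normalize(password);
  const rank = COMMON.indexOf(base) + 1; // 0 when absent
  const guesses = rank > 0 ? rank : 2 ** theoretical;
  return {
    password,
    theoreticalBits: Number(theoretical.toFixed(1)),
    practicalBits: Number(Math.log2(guesses).toFixed(1)),
    matched: rank > 0 ? base : null,
  };
}

// Example usage with the article's passwords.
console.log(entropyBits("Tr0ub4d", 95).toFixed(1));               // full 95 set: 46.0
console.log(entropyBits("Tr0ub4d").toFixed(1));                   // only the classes present: 41.7
console.log(entropyBits("correcthorsebatterystaple").toFixed(1)); // 117.5
console.log(passphraseBits(4, 2048).toFixed(1));                  // 4 words from a 2048-word list: 44.0
console.log(practicalEstimate("P@ssw0rd!"));                      // theoretical 59.1, practical 1.0
```

Note that detecting the character set from the characters actually present gives Tr0ub4d only 62 possibilities per position (41.7 bits) rather than the 46 bits the article credits it with from a full 95-symbol set; both are upper bounds, and the wordlist lookup shows how far below either bound a human-chosen password can fall.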
What crack-time estimates actually mean
A crack-time number is meaningless without the attack model. The same password can be uncrackable in one scenario and trivial in another.
Online attacks
The attacker guesses against a live login. Rate limiting, lockouts, and network latency cap them at maybe tens to thousands of guesses per second. Even a modest password survives an online attack for a very long time.
Offline attacks
The attacker has stolen a database of password hashes and guesses locally on their own hardware. Speed now depends entirely on the hashing algorithm:
- Fast, unsalted hashes (MD5, SHA-1): a single GPU can try billions of guesses per second. Anything under about 60 bits falls quickly.
- Slow, deliberately expensive hashes (bcrypt, scrypt, Argon2): designed to be slow, so guess rates drop to thousands or millions per second, buying years even for moderate passwords.
This is why the same 50 bit password might be called strong or weak depending on whether the service used bcrypt or plain SHA-1. The crack time is a property of the attack and the storage, not just the password.
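To put numbers on the three attack models above, here is an added example (not the article's code, and not how the site's analyzer necessarily computes its figures). The guess rates in `ATTACK_MODELS` are assumptions chosen to match the article's rough descriptions (thousands per second online, billions per second against a fast unsalted hash, thousands per second against a deliberately slow hash), not measurements of any particular hardware. `bitsNeeded` inverts the formula to answer the question practitioners actually ask: how many bits keep a password out of reach for a given number of years at a given rate.

```javascript
// Added example (not the article's own code): expected crack time for one
// entropy value under three attack models. Rates below are assumptions.
const ATTACK_MODELS = {
  online:      1e3,  // rate-limited live login: thousands of guesses per second at most
  offlineFast: 1e10, // GPU against unsalted MD5/SHA-1: billions of guesses per second
  offlineSlow: 1e4,  // bcrypt/scrypt/Argon2 tuned to be slow: thousands per second
};

const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Expected time to find a password of `bits` entropy at `guessesPerSecond`.
// On average the attacker succeeds halfway through the space, hence the / 2.
function expectedCrackSeconds(bits, guessesPerSecond) {
  return (2 ** bits / 2) / guessesPerSecond;
}

// Round a duration into the largest readable unit.
function humanDuration(seconds) {
  if (seconds < 60) return `${seconds.toFixed(1)} seconds`;
  if (seconds < 3600) return `${(seconds / 60).toFixed(1)} minutes`;
  if (seconds < 86400) return `${(seconds / 3600).toFixed(1)} hours`;
  if (seconds < SECONDS_PER_YEAR) return `${(seconds / 86400).toFixed(1)} days`;
  return `${(seconds / SECONDS_PER_YEAR).toFixed(1)} years`;
}

// Crack time of one password under every model: raw seconds plus a label.
function crackTimeTable(bits) {
  const table = {};
  for (const [model, rate] of Object.entries(ATTACK_MODELS)) {
    const s = expectedCrackSeconds(bits, rate);
    table[model] = { seconds: s, readable: humanDuration(s) };
  }
  return table;
}

// Smallest entropy whose expected crack time exceeds `years` at `guessesPerSecond`.
// Solves 2^bits / 2 / rate >= years * SECONDS_PER_YEAR for bits.
function bitsNeeded(years, guessesPerSecond) {
  return Math.ceil(Math.log2(2 * years * SECONDS_PER_YEAR * guessesPerSecond));
}

// Example usage: the article's "same 50 bit password" under each model, and the
// entropy needed to survive a century against the fast-hash attacker.
console.log(crackTimeTable(50));
console.log(bitsNeeded(100, ATTACK_MODELS.offlineFast));
```

For 50 bits the table lands where the article says it should: hours against a fast unsalted hash, but on the order of a couple of thousand years against a slow hash and longer still against a rate-limited login. The same password is strong or weak depending only on the storage and the attacker's position.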
If you are curious how hashing functions differ in cost, the Hash Generator lets you produce MD5, SHA-256, and others to compare, and the HMAC Generator shows keyed hashing used for message authentication.
Practical guidance
The takeaways follow directly from the formula:
- Favor length over symbols. A long passphrase of random words beats a short complex string.
- Use a password manager to generate and store long random passwords you never have to type or remember.
- Aim for high entropy where it matters: roughly 80 bits or more for anything an attacker might target offline.
- Stop trusting strength meters that only count character classes. They reward patterns attackers already know.
To see these numbers for a real password, including its estimated entropy and how guess rate changes the crack time, use the Password Strength Analyzer. It runs entirely in your browser. Nothing you type is uploaded or logged, which matters when the input is a password you actually use.
If you are working with tokens and secrets rather than human passwords, the UUID & Token Generator produces high entropy random values suitable for API keys and identifiers, where randomness, not memorability, is the whole point.