Password Entropy Calculator
How strong is your password really? Calculate bits of entropy and time-to-crack against modern hardware.
Entropy is the only number that matters
"Use a strong password" is bad advice. The actually-useful question is: how many bits of entropy? Entropy is the log2 of the search space โ basically, how many guesses an attacker needs on average. More bits = exponentially harder to crack.
| Bits | Search space | Time at 10 GH/s | Verdict |
|---|---|---|---|
| 40 | ~1 trillion | ~2 minutes | Trivially cracked |
| 60 | ~1 quintillion | ~3.6 years | Weak โ phishing-target only |
| 80 | ~10ยฒโด | ~3.8 million years | Reasonable for most uses |
| 100 | ~10ยณโฐ | ~4 trillion years | Solid for high-value accounts |
| 128+ | โ | Heat death of universe | Cryptographic-grade |
Two strategies that actually work
Diceware passphrases โ 5+ random dictionary words separated by spaces. Each word from a list of ~7,776 contributes about 12.9 bits. Six words โ 77 bits, easy to memorize.
Random character strings โ minimum 14 chars from full ASCII (a-z, A-Z, 0-9, symbols). 14 chars ร log2(95) โ 92 bits. Use a password manager โ you won't memorize it.
This calculator estimates entropy for random passwords. If your password is "P@ssw0rd!" or your kid's birthday or a common phrase, the real entropy is far lower โ attackers use dictionaries and rule-based attacks first, not raw brute force. The entropy figure is an upper bound.