Password Entropy Calculator
How strong is your password really? Calculate bits of entropy and time-to-crack against modern hardware.
Entropy is the only number that matters
"Use a strong password" is bad advice. The actually-useful question is: how many bits of entropy? Entropy is the log2 of the search space — basically, how many guesses an attacker needs on average. More bits = exponentially harder to crack.
| Bits | Search space | Time at 10 GH/s | Verdict |
|---|---|---|---|
| 40 | ~1 trillion | ~2 minutes | Trivially cracked |
| 60 | ~1 quintillion | ~3.6 years | Weak — phishing-target only |
| 80 | ~10²⁴ | ~3.8 million years | Reasonable for most uses |
| 100 | ~10³⁰ | ~4 trillion years | Solid for high-value accounts |
| 128+ | — | Heat death of universe | Cryptographic-grade |
Two strategies that actually work
Diceware passphrases — 5+ random dictionary words separated by spaces. Each word from a list of ~7,776 contributes about 12.9 bits. Six words ≈ 77 bits, easy to memorize.
Random character strings — minimum 14 chars from full ASCII (a-z, A-Z, 0-9, symbols). 14 chars × log2(95) ≈ 92 bits. Use a password manager — you won't memorize it.
This calculator estimates entropy for random passwords. If your password is "P@ssw0rd!" or your kid's birthday or a common phrase, the real entropy is far lower — attackers use dictionaries and rule-based attacks first, not raw brute force. The entropy figure is an upper bound.