Measure a password's entropy in bits and estimate crack time.
Checked locally — your password is never sent anywhere.
How do you calculate password entropy?
Entropy (bits) = length × log₂(pool size), where the pool adds 26 for lowercase, 26 for uppercase, 10 for digits and 33 for symbols, based on the sets used. It assumes random characters, so treat it as a best case. A 12-character password using all four sets has a pool of 95 and about 79 bits — strong.
Understanding your result
This is an upper bound that assumes random characters. Real passwords built from words, names or patterns are far more guessable than their length suggests, so treat the number as a best case. Length matters more than adding symbols — each extra character multiplies the work. Aim for 60+ bits, and more for important accounts.
Formula and method
Entropy (bits) = length × log₂(pool size), where the pool adds 26 for lowercase, 26 for uppercase, 10 for digits and 33 for symbols, based on the sets used.
Assumptions and limitations
The bits shown are an upper bound that assumes truly random characters, so real passwords built from words, names, dates or keyboard patterns are far weaker than their length implies. The crack-time estimate depends on assumed guessing speed, which attackers vary. This runs in your browser and analyses, rather than improves, the password you enter.
Worked example
A 12-character password using all four sets has a pool of 95, so its entropy is about 12 × log₂(95) ≈ 79 bits — strong.
How to use this tool
- Type or paste a password.
- Read the entropy in bits and the strength rating.
- Check the estimated crack times.
Common mistakes to avoid
- Assuming a short but complex password is strong — length wins.
- Trusting the bit count for a dictionary word or common pattern.
- Reusing even a high-entropy password across sites.
About the Password Entropy Calculator
The Password Entropy Calculator measures how unpredictable a password is, in bits, from its length and the character sets it uses. It also estimates how long it would take to crack by brute force.
Who should use this tool
Anyone choosing a password, plus developers and security-minded users.
Benefits
- Entropy in bits with a clear strength rating.
- Crack-time estimates for fast and throttled attacks.
- Shows the character pool and length behind the score.
- Private — your password never leaves your browser.
Practical use cases
- Checking whether a password is long enough.
- Comparing a passphrase against a complex string.
- Teaching how length beats complexity.
Explore all Security and Privacy tools
Frequently asked questions
How many bits of entropy is secure?
Around 60 bits is reasonable for everyday accounts and 80+ bits is strong. High-value accounts benefit from even more.
Is my password sent anywhere?
No. Everything is calculated in your browser and nothing is uploaded or stored.
Why is a long passphrase often better?
Each extra character multiplies the number of possibilities, so a long passphrase can beat a short complex password while being easier to remember.