Skip to content

Password Entropy Calculator

Measure a password's entropy in bits and estimate crack time.

Checked locally — your password is never sent anywhere.

Processed only in your browser; never uploaded or stored.

How do you calculate password entropy?

Entropy (bits) = length × log₂(pool size), where the pool adds 26 for lowercase, 26 for uppercase, 10 for digits and 33 for symbols, based on the sets used. It assumes random characters, so treat it as a best case. A 12-character password using all four sets has a pool of 95 and about 79 bits — strong.

Understanding your result

This is an upper bound that assumes random characters. Real passwords built from words, names or patterns are far more guessable than their length suggests, so treat the number as a best case. Length matters more than adding symbols — each extra character multiplies the work. Aim for 60+ bits, and more for important accounts.

Formula and method

Entropy (bits) = length × log₂(pool size), where the pool adds 26 for lowercase, 26 for uppercase, 10 for digits and 33 for symbols, based on the sets used.

Assumptions and limitations

The bits shown are an upper bound that assumes truly random characters, so real passwords built from words, names, dates or keyboard patterns are far weaker than their length implies. The crack-time estimate depends on assumed guessing speed, which attackers vary. This runs in your browser and analyses, rather than improves, the password you enter.

Worked example

A 12-character password using all four sets has a pool of 95, so its entropy is about 12 × log₂(95) ≈ 79 bits — strong.

How to use this tool

  1. Type or paste a password.
  2. Read the entropy in bits and the strength rating.
  3. Check the estimated crack times.

Common mistakes to avoid

  • Assuming a short but complex password is strong — length wins.
  • Trusting the bit count for a dictionary word or common pattern.
  • Reusing even a high-entropy password across sites.

About the Password Entropy Calculator

The Password Entropy Calculator measures how unpredictable a password is, in bits, from its length and the character sets it uses. It also estimates how long it would take to crack by brute force.

Who should use this tool

Anyone choosing a password, plus developers and security-minded users.

Benefits

  • Entropy in bits with a clear strength rating.
  • Crack-time estimates for fast and throttled attacks.
  • Shows the character pool and length behind the score.
  • Private — your password never leaves your browser.

Practical use cases

  • Checking whether a password is long enough.
  • Comparing a passphrase against a complex string.
  • Teaching how length beats complexity.

Explore all Security and Privacy tools

Frequently asked questions

How many bits of entropy is secure?

Around 60 bits is reasonable for everyday accounts and 80+ bits is strong. High-value accounts benefit from even more.

Is my password sent anywhere?

No. Everything is calculated in your browser and nothing is uploaded or stored.

Why is a long passphrase often better?

Each extra character multiplies the number of possibilities, so a long passphrase can beat a short complex password while being easier to remember.

Share this tool

Free to use — copy the link, share it anywhere, or add the tool to your own website.

Embed this tool on your site (free)

Copy this code and paste it into any web page — it stays free and always up to date: