Password Entropy Calculator

Bits of entropy from length and character set — with the formula shown, not hidden.

How it works

Entropy is a measure of unpredictability, in bits. For a password chosen uniformly at random it is length × log2(pool), where the pool is how many different characters each position could hold. Enabling a character class adds its size to the pool: lowercase and uppercase are 26 each, digits 10, and the common symbol set about 33 — a full pool is roughly 95. Each bit doubles the number of guesses an attacker must make, so 40 bits is a thousand times harder than 30. The calculator shows the formula with your numbers filled in, the total keyspace as a power of two, and where the result lands on a strength scale. Because it assumes true randomness, treat it as a ceiling — real, self-chosen passwords fall short of it.

FAQ

How is password entropy calculated?

Entropy in bits = length × log2(pool size), where the pool is the number of distinct characters the password could draw from: 26 for lowercase, 26 for uppercase, 10 for digits, and about 33 for symbols. A 16-character password from a 95-character pool is 16 × log2(95), roughly 105 bits.

Does this apply to a password I chose myself?

Only as an upper bound. The formula assumes every character is chosen uniformly at random. A human-picked password of the same length carries far less real entropy because words, names, and patterns are predictable — use the strength checker for a pattern-aware estimate of a specific password.

Is adding symbols better than adding length?

Length is the stronger lever. Adding one character multiplies the keyspace by the whole pool size, while switching pools only changes the per-character log. Going from 12 to 20 characters buys more entropy than sprinkling in a symbol.

From the channel

Video thumbnail: This Mac Malware Waits for the Right Password This Mac Malware Waits for the Right Password Watch on The Exploit HQ — cyber threat intel in 60 seconds ▸