Password Entropy Calculator
Measure the real strength of any password in bits of entropy.
Entropy assumes each character is independent. Real-world dictionary passwords may be weaker than the math suggests.
Want a professional to double-check?
Get a free, no-obligation home security assessment.
Get a free quoteWhat is password entropy?
Entropy is a measure of how unpredictable a password is, expressed in bits. Each additional bit doubles the number of guesses an attacker must make, so entropy is the single best mathematical gauge of password strength. This free password entropy calculator estimates entropy from your password's length and the size of its character set (lowercase adds 26 possibilities per position, uppercase another 26, digits 10, symbols about 33), then shows the full "keyspace" — the total number of possible combinations — and how long that would take to crack under three realistic attack speeds.
The three scenarios matter because not all attacks are equal. An online attack against a login form is slow (throttling and lockouts). An offline attack on a fast-hashed leaked database can try billions per second, while a properly slow-hashed database (bcrypt, Argon2) drops that to thousands. As a benchmark, aim for 70+ bits of entropy for important accounts and 100+ for anything critical. Note that dictionary words and predictable patterns lower real-world strength below the raw math, so favor random passwords or passphrases. Everything is calculated locally in your browser and never sent anywhere.
Frequently asked questions
How many bits of entropy is 'strong'?
Why show three different crack times?
Does entropy tell the whole story?
Is my input stored or sent anywhere?
Embed this free tool on your site
Copy and paste this snippet anywhere. It's free to use with attribution.
Estimates are for guidance only. Replace this footer with your brand.