You type a new password into a sign-up form and a little meter lights up: weak, medium, strong. Sometimes it even gives you a number followed by the word entropy. But what is that number actually measuring, and why does Tr0ub4dor&3 sometimes score worse than four random words? The answer comes down to a single concept that quietly underpins all of password security.

In this guide you will learn what password entropy is, what bits of entropy really mean, how the math works (with worked examples you can follow), and why genuine randomness matters far more than raw length. No cryptography degree required: just plain English and a few small numbers.

What password entropy actually means

Entropy is a concept borrowed from information theory, and at its core it measures unpredictability. When we talk about password entropy, we are estimating how hard a password would be to guess if an attacker had to try every possibility. The more unpredictable the password, the higher its entropy, and the longer it takes to crack.

Crucially, entropy does not measure the password you actually chose. It measures the process that produced it, specifically how many equally likely passwords that process could have generated. A password drawn from a pool of one billion possibilities is stronger than one drawn from a pool of a thousand, even if the final strings look similar. This is why password randomness, not cleverness, is what entropy really rewards.

Entropy answers one question: out of all the passwords your method could have produced, how many would an attacker have to guess to be sure of finding yours?

Why entropy is measured in bits

Entropy is expressed in bits because bits are the natural unit for counting possibilities. Each additional bit doubles the number of guesses an attacker must make. That doubling is the whole point.

  • 1 bit = 2 possibilities
  • 10 bits = 2¹⁰ = 1,024 possibilities
  • 20 bits = roughly 1 million possibilities
  • 40 bits = roughly 1 trillion possibilities
  • 80 bits = roughly 1.2 septillion (a 1 followed by 24 zeros)

Because the scale is exponential, small-sounding differences are huge. A 60-bit password is not slightly stronger than a 50-bit one; it is over a thousand times harder to crack. This is also why people talk in round numbers like 60, 80, or 128 bits: each jump represents an enormous leap in difficulty.

How is password strength measured? The formula

For a randomly generated password, the math is refreshingly simple. Entropy equals the length of the password multiplied by the entropy contributed by each character:

Entropy (bits) = L × log₂(N)

Here L is the password length and N is the size of the character set you draw each character from. The log₂(N) part tells you how many bits each character is worth. The bigger your character pool, the more each character contributes.

Character set                 Pool size (N)   Bits per character (log₂ N)
Digits only (0-9)             10              ~3.32
Lowercase letters             26              ~4.70
Lower + uppercase             52              ~5.70
Letters + digits              62              ~5.95
Letters + digits + symbols    ~95             ~6.57

A worked example

Suppose you generate a random 12-character password using uppercase, lowercase, digits, and symbols (a pool of about 95 characters). Each character is worth roughly 6.57 bits, so:

12 × 6.57 ≈ 79 bits of entropy

Now compare a random 16-character password using only lowercase letters: 16 × 4.70 ≈ 75 bits. The shorter password with a richer character set comes out slightly ahead. Length and variety both matter, and entropy lets you weigh them on the same scale. If you want to see how those bit totals translate into actual cracking time, our breakdown of how long it takes to crack a password walks through real numbers.

The catch: this formula only works for random passwords

Here is the part most strength meters get wrong, and the reason entropy can be misleading. The formula above assumes every character was chosen independently and at random. Real human passwords almost never are.

When you pick Password123!, the character pool looks like 95 possibilities per slot, which the naive formula scores around 78 bits. But you did not choose those characters randomly. You chose a common word, a predictable number sequence, and a symbol most people add. An attacker's software knows this and tries those patterns first, so the real entropy is a tiny fraction of the theoretical number, often under 20 bits.

This gap is why a string can have high apparent entropy and still be weak. The formula measures the size of the haystack; it cannot tell whether your needle is sitting right on top. Predictable substitutions like @ for a or 0 for o add almost nothing, because attackers automate them. You can see this play out in our roundup of common password mistakes and in how hackers steal passwords in practice.

Why random words can beat random characters

If true randomness is what counts, the practical question becomes: how do you get it without memorizing gibberish? This is where passphrases shine. Instead of choosing random characters, you choose random words from a known list.

The math is the same; you just count the word list as your character set. A common list used by the Diceware method contains 7,776 words, and each randomly selected word is worth log₂(7776) ≈ 12.9 bits. So a five-word passphrase carries:

5 × 12.9 ≈ 64.5 bits

Six random words push you past 77 bits, which is genuinely strong, and the result is far easier to remember than a comparable string of symbols. The key word is random: the words must be chosen by chance, not picked by you, or the entropy collapses just like with character passwords. Our comparison of passphrases versus passwords digs into why this trade-off usually favors phrases for memorized secrets.
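The formula above and the passphrase variant, carried through in code as an added example (not from the original article). It computes L × log₂(N) for the character pools and word-list sizes the guide uses, works out how many characters or words reach a target, and generates secrets with the OS CSPRNG so the formula genuinely applies; the short word list is constructed for illustration, while a real Diceware list has 7,776 entries.

```python
import math
import secrets
import string

# Pool sizes the guide tabulates, plus the standard Diceware list size (6^5 words).
POOLS = {"digits": 10, "lowercase": 26, "mixed case": 52,
         "alphanumeric": 62, "printable ASCII": 95}
DICEWARE_LIST_SIZE = 7776


def entropy_bits(length: int, pool_size: int) -> float:
    """Entropy of a secret whose every symbol (character or word) is drawn
    uniformly and independently from a pool of pool_size symbols: L * log2(N)."""
    if length < 1 or pool_size < 2:
        raise ValueError("need at least one symbol drawn from a pool of two or more")
    return length * math.log2(pool_size)


def symbols_needed(target_bits: float, pool_size: int) -> int:
    """Smallest number of characters or words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate_password(length: int, alphabet: str) -> str:
    """Each character chosen by the OS CSPRNG, so entropy_bits(len, len(alphabet)) holds."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count: int, wordlist: list[str]) -> str:
    """Each word chosen by the OS CSPRNG; entropy is word_count * log2(len(wordlist))."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    # The two worked examples from the guide: 12 chars from ~95 vs 16 lowercase.
    print(f"12 x printable ASCII: {entropy_bits(12, POOLS['printable ASCII']):.1f} bits")
    print(f"16 x lowercase:       {entropy_bits(16, POOLS['lowercase']):.1f} bits")
    print(f"5 Diceware words:     {entropy_bits(5, DICEWARE_LIST_SIZE):.1f} bits")
    # How long must a secret be to reach an 80-bit target?
    print("chars of printable ASCII for 80 bits:", symbols_needed(80, 95))
    print("Diceware words for 80 bits:", symbols_needed(80, DICEWARE_LIST_SIZE))
    # Generation with a CSPRNG; the word list here is a constructed 8-word sample,
    # so each word from it is worth only log2(8) = 3 bits.
    sample_words = ["apple", "river", "stone", "cloud", "tiger", "lamp", "wheat", "ferry"]
    print(generate_password(12, string.ascii_letters + string.digits + string.punctuation))
    print(generate_passphrase(5, sample_words),
          f"({entropy_bits(5, len(sample_words)):.0f} bits from this tiny list)")
```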

How much entropy is enough?

There is no single magic threshold, because the right target depends on what you are protecting and how the attacker can guess. Online accounts that lock you out after a few wrong attempts need far less entropy than an offline database an attacker can hammer billions of times per second. As a rough, general guide:

Entropy            General assessment
Under 40 bits      Weak; vulnerable to determined offline attacks
40 to 60 bits      Moderate; fine for low-stakes, rate-limited logins
60 to 80 bits      Strong for most personal accounts
80 to 128 bits     Very strong; suitable for high-value and master passwords
128 bits and up    Cryptographic-grade overkill for human use

Security guidance from standards bodies like NIST has actually moved away from forcing complex character rules and toward encouraging length and randomness, because long, random secrets deliver high entropy without the brittle patterns that complexity rules tend to produce. In practice, the simplest way to hit a strong entropy target is to let software do the choosing for you with a free password & passphrase generator, then store the result somewhere safe.

Putting entropy to work in real life

Understanding entropy is useful, but you should not be computing logarithms every time you create an account. The practical takeaway is to make sure your method produces enough randomness, then offload the storage. A reputable password manager can generate maximum-entropy passwords and remember them so you never have to. For the one or two passwords you must memorize, a random multi-word passphrase gives you high entropy you can actually recall, as covered in our guide to strong passwords that are easy to remember.

And remember that entropy only protects the password itself. Even a flawless 100-bit password is useless if it leaks in a breach, so pair strong entropy with two-factor authentication and periodically check whether your credentials have been exposed.

Key takeaways

  • Entropy measures unpredictability, expressed in bits, where each bit doubles the number of guesses an attacker needs.
  • For truly random passwords, entropy = length × log₂(character-set size), so both length and variety raise it.
  • The formula only holds for random input; human-chosen passwords with words, names, and predictable substitutions have far less real entropy than they appear to.
  • Randomness beats cleverness. Random words (Diceware-style passphrases) can match or beat random characters while staying memorable.
  • Aim for roughly 60 to 80 bits for everyday accounts and more for master passwords, and let a generator or manager guarantee the randomness for you.

The next time a strength meter flashes a number at you, you will know exactly what it is claiming, and, just as importantly, when not to trust it.