What Is Password Entropy?

The Basic Concept of Entropy

Entropy comes from information theory, introduced by Claude Shannon in 1948 to measure the uncertainty or randomness of information. In the context of passwords, entropy measures how many guesses an attacker would need to find the correct password without any prior knowledge. Higher entropy means a harder-to-crack password.

Password entropy is measured in bits. A password with n bits of entropy requires an attacker to make on average 2^n / 2 guesses to find it. For example, 40-bit entropy requires about 550 billion guesses on average, while 128-bit entropy is computationally infeasible to brute-force with any existing hardware.

The Password Entropy Formula

For randomly generated passwords, the entropy formula is straightforward: H = L × log₂(N), where H is entropy in bits, L is the password length in characters, and N is the character set size (the number of distinct characters available).

For example: a 12-character password using only lowercase letters (N=26) has entropy of 12 × log₂(26) ≈ 12 × 4.7 ≈ 56.5 bits. The same length with all printable ASCII (N=95) gives 12 × log₂(95) ≈ 12 × 6.57 ≈ 78.8 bits. Expanding the character set alone increases security by 22 bits — roughly 4 million times harder to crack.

Why Length Matters More Than Complexity

The formula reveals that password length has a linear effect on entropy, while character set size has a logarithmic effect. This means adding length is more efficient than adding character types. A 20-character all-lowercase password (entropy ≈ 94 bits) is harder to crack than a 12-character full-ASCII password (entropy ≈ 78.8 bits).

This is why modern security experts increasingly recommend passphrases — long passwords made of multiple random words. A passphrase like "correct horse battery staple" has far more entropy from length and randomness than "P@ssw0rd" despite the latter appearing "complex."

Entropy Comparison of Common Passwords

Here are entropy estimates for typical passwords to give you an intuitive sense of the differences:

• password (pure dictionary word): ~0–1 bits of effective entropy
• P@ssw0rd (simple substitution): ~10–15 bits of effective entropy
• Tr0ub4dor&3 (mixed, 12 chars): ~28 bits of effective entropy (attackers know these rules)
• Random 12-char full-ASCII: ~79 bits
• Random 16-char full-ASCII: ~105 bits
• 4 random English words (Diceware): ~52 bits
• 6 random English words (Diceware): ~78 bits

Real-World Cracking Speed vs. Entropy

At the cracking speed of a modern high-performance GPU (approximately 60 billion MD5 hashes per second), expected cracking times by entropy level are: 40 bits ≈ 1 second, 56 bits ≈ 18 hours, 72 bits ≈ 470,000 years, 88 bits ≈ 31 billion years. Anything above 72 bits is effectively immune to brute force in practice.

Note that these figures apply to unsalted fast hashes like MD5. Modern password storage uses slow hashing algorithms like bcrypt and Argon2, which reduce cracking speed to hundreds of hashes per second — giving even lower-entropy passwords significantly more protection. But that's no reason to lower your entropy standards.

The "Effective Entropy" Problem with Human-Created Passwords

The formula calculates theoretical entropy, but human-created passwords are often much weaker than their theoretical value suggests. If an attacker knows a password follows a pattern — say, "one uppercase letter, six lowercase letters, two digits" — the actual search space shrinks dramatically and effective entropy falls far below the theoretical figure.

This is precisely the core value of a random password generator: the effective entropy of its output equals the theoretical entropy, because no human preference or pattern has been introduced. Using a generator, you actually receive the security level the formula promises.

Recommended Entropy Targets

NIST's 2017 Digital Identity Guidelines (SP 800-63B) no longer mandate special characters and regular rotation, instead recommending longer passwords (allowing at least 64-character maximums) and password manager use. General security guidance: aim for at least 72 bits for standard accounts, and at least 100 bits for high-value accounts.

With a full ASCII character set, a 16-character random password provides ~105 bits of entropy, well beyond any realistic threat. This is why quality password generators default to 16 characters or more — it's the optimal balance between security and practicality.