Password Entropy Calculator
Password Entropy Calculator entropy bits password randomness password securityHow to use Password Entropy Calculator
Enter the password length and select every character set from which each character could be chosen uniformly. Use a custom pool only when the generator’s exact alphabet size is known.
What password entropy measures
Entropy expresses the uncertainty in a randomly generated value. One bit represents two equally likely possibilities. This calculator estimates theoretical entropy when every password character is selected independently and uniformly from the same known pool.
Entropy formula
The formula is length × log₂(pool size). Increasing length adds the same number of bits for each new character. Expanding the pool also helps, but usually less dramatically than adding several independently generated characters. The combinations result is pool size raised to the password length.
Worked example
Lowercase letters, uppercase letters, digits, and 32 common symbols create an assumed pool of 94 characters. For a 16-character uniformly random password, entropy is 16 × log₂(94), or about 104.87 bits. The number of possible strings is about 1031.57.
Theoretical versus real entropy
The estimate applies to the generation process, not merely the appearance of a finished password. A human who chooses one capital letter, a familiar word, a year, and an exclamation mark is not making 16 independent selections from 94 equally likely characters. Dictionary patterns, keyboard sequences, predictable substitutions, reused passwords, and personal information can reduce actual uncertainty drastically.
Character-pool assumptions
Select only sets from which every position could genuinely be drawn. If a generator guarantees exactly one digit and one symbol, its process is more structured than this simple model. Use Custom pool size only when you know the exact alphabet and each position uses it uniformly. Passphrases selected from a wordlist need a word-based entropy calculation instead.
Security limitations
Entropy is not a crack-time estimate. Attack speed depends on password hashing, work factors, hardware, online rate limits, account lockout, leaks, and attacker knowledge. A high-entropy password can still fail if reused, exposed by phishing, stored insecurely, or entered on a compromised device. Use a reputable password manager, unique credentials, and multifactor authentication where available.
Privacy and accuracy
This page asks for assumptions, not the password itself. Calculations remain in the browser. Results use floating-point logarithms and are rounded to two decimal places, which is sufficient for an estimate but not a security certification.
Password Entropy FAQ
Should I paste my password here?
No. Enter only its length and generation alphabet; the actual secret is unnecessary.
Does 100 bits guarantee safety?
No. It describes a strong random search space under stated assumptions, not the security of the complete account system.
Is a longer password always better?
When characters are generated independently from a known pool, length increases entropy. Human patterns can weaken that assumption.