Password Entropy Explained — Why Length Beats Complexity

"Strong password" sounds subjective, but it is not — there is a number behind it. Entropy, measured in bits, tells you exactly how hard a password is to guess, and once you can compute it, a lot of common advice turns out to be backwards. This post walks through the formula, some worked examples, a cracking-time table at realistic GPU speeds, and the giant caveat that makes most human-made passwords far weaker than the math suggests.

The Formula: bits = length × log2(pool)

For a truly random password, each character is an independent choice from a pool of possible characters. The entropy in bits is:

entropy (bits) = length × log2(pool size)

Pool sizes:
  lowercase only (a-z)             26  → 4.70 bits/char
  lower + upper (a-zA-Z)           52  → 5.70 bits/char
  lower + upper + digits           62  → 5.95 bits/char
  all printable ASCII w/ symbols   94  → 6.55 bits/char

Each additional bit doubles the search space. An attacker needs on average 2^(bits−1) guesses to find the password. Notice something in that table: going from lowercase-only to the full symbol set — the thing complexity rules force on you — gains less than 2 bits per character. Adding one more character gains 4.7 to 6.55 bits. Length wins, every time.

Worked Examples

8 chars, lowercase:        8 × log2(26)  =  8 × 4.70 ≈  37.6 bits
8 chars, all 94 symbols:   8 × log2(94)  =  8 × 6.55 ≈  52.4 bits
12 chars, lower+upper+dig: 12 × log2(62) = 12 × 5.95 ≈  71.4 bits
16 chars, lower+upper+dig: 16 × log2(62) = 16 × 5.95 ≈  95.3 bits
16 chars, all 94 symbols:  16 × log2(94) = 16 × 6.55 ≈ 104.9 bits
20 chars, lowercase only:  20 × log2(26) = 20 × 4.70 ≈  94.0 bits

The comparison worth staring at: an 8-character password using every symbol on the keyboard reaches ~52 bits, while a 16-character mixed-case alphanumeric password reaches ~95 bits — and 20 lowercase letters match it with no symbols at all. Doubling length roughly doubles the bits; upgrading the character set nudges them.

What Those Bits Mean at GPU Speeds

How fast guesses happen depends entirely on how the password was hashed. A single modern GPU manages very roughly 100 billion MD5 guesses per second, around 10 billion for SHA-256, but only tens of thousands per second against a properly configured bcrypt. Assume a serious attacker with a rig of ~10 GPUs against a fast hash (10^12 guesses/second) — the pessimistic case:

Entropy   Search space      Avg. time at 10^12 guesses/sec
37.6 bits  ~2.1 x 10^11      ~0.1 seconds
52.4 bits  ~6.1 x 10^15      ~50 minutes
71.4 bits  ~3.2 x 10^21      ~51 years
95.3 bits  ~4.9 x 10^28      ~780 million years
104.9 bits ~3.9 x 10^31      ~620 billion years

The cliff between 52 and 71 bits — minutes versus decades — is why 12 random characters is a sensible floor and 16 is a comfortable default. And remember these times assume a fast, unsalted hash; sites that use bcrypt or Argon2 slow every guess by a factor of 10,000+ (see bcrypt vs SHA-256).

The Catch: Humans Destroy Theoretical Entropy

The formula only holds when every character is chosen uniformly at random. Humans do not do that. "Trustno1!" looks like a 9-character mixed password worth ~59 bits, but an attacker does not guess it character by character — they guess it as dictionary word + digit + symbol, a pattern with maybe 20-25 bits of real-world entropy. Cracking rulesets encode human habits directly:

  • Capital letter goes first, digits and symbols go last
  • Leet substitutions (e→3, a→@) are tried automatically for every dictionary word
  • Keyboard walks (qwerty, 1qaz2wsx) and dates (birthdays, years) are in every wordlist
  • Passwords from previous breaches — billions of them — are tried before any brute force begins

The honest way to state it: entropy is a property of the process that generated the password, not of the string itself. A password that came out of a cryptographically secure generator has the entropy the formula says. A password a human composed has the entropy of the human's decision process — usually a tiny fraction of the theoretical figure, no matter how random it looks.

Honest Diceware Math

Passphrases get the same treatment. A diceware passphrase picks words uniformly at random from a list of 7,776 words (five dice rolls per word), so each word contributes log2(7776) ≈ 12.9 bits regardless of how long the word is:

4 words: 4 × 12.9 ≈ 51.7 bits   (okay for throttled online logins)
5 words: 5 × 12.9 ≈ 64.6 bits   (decent)
6 words: 6 × 12.9 ≈ 77.5 bits   (strong — good master password)
7 words: 7 × 12.9 ≈ 90.4 bits   (excellent)

The honesty matters in both directions. "correct horse battery staple" style phrases only earn their bits if the words came from actual dice or a CSPRNG — a phrase you thought up ("my favourite chai stall in Hyderabad") is a sentence, and sentences follow grammar, which attackers model. And note the entropy is per word, not per letter: a 6-word, 30-character passphrase has ~77 bits, less than a 16-character random string's ~105. That is fine — the passphrase's job is to be memorable, and 77 bits is plenty. The random string's job is density, because a password manager is typing it.

Practical Targets

  • Regular website accounts — 16-character generated passwords (~100 bits); overkill is free when a manager remembers them
  • Master password / disk encryption — 6+ word diceware passphrase (77+ bits), memorised
  • WiFi, shared secrets, API keys — 20+ generated characters; nobody types these often
  • Anything below ~50 bits — treat as protection against casual guessing only, not against an offline attacker

Frequently Asked Questions

What is password entropy?

Password entropy measures unpredictability in bits. For a truly random password, entropy = length × log2(pool size), where pool size is the number of possible characters. Each additional bit doubles the number of guesses an attacker needs on average.

How many bits of entropy should a password have?

For accounts protected by online rate limiting, 40-50 bits is workable. For anything that could face offline cracking — password manager master passwords, disk encryption — aim for 75 bits or more. A random 16-character mixed password (~104 bits) or a 6-word diceware passphrase (~77.5 bits) both clear that bar.

Does adding a symbol make my password much stronger?

Not much. Growing the character pool from 62 to 94 adds only about 0.6 bits per character, while each extra character adds 5.95-6.55 bits. Four extra lowercase letters beat swapping every character class in a short password.

Try the Free Password Generator

Generate cryptographically secure passwords with real entropy — created locally in your browser, never sent to any server. No signup, no cost.

Related articles