Password Entropy Calculator
Enter a password length and the size of the character pool to get the entropy in bits — and see why each extra character or symbol type raises the strength.
Bits, not guesswork
Enter the length and the pool size and the calculator returns the entropy in bits (E = L × log₂R) together with the strength band it falls into.
Assumes randomness
The formula assumes every character is chosen at random. A memorable phrase or a dictionary word has far less entropy than its length suggests.
What is password entropy?
A measure of unpredictability in bits
Password entropy is a measure of how unpredictable a randomly generated password is, expressed in bits. One bit means an attacker faces two equally likely options; each additional bit doubles the number of guesses needed to be sure of finding it. The password entropy calculator turns two numbers — the password length and the size of the character pool each character is drawn from — into that bit count, so you can compare schemes objectively instead of trusting a vague "strong" label.
Enter a length and a character pool size to get the entropy in bits and the matching strength band instantly.
Entropy is the password length multiplied by the base-2 logarithm of the character pool size. The log₂ term is the number of bits each single character contributes, and multiplying by the length adds them up.
E = L × log₂(R)Here L is the length and R is the pool size: 26 for lowercase letters, 52 for mixed case, 62 for alphanumeric, and 95 for the full printable-ASCII keyboard. Because R sits inside a logarithm, widening the pool helps far less than adding length — every extra character contributes the same fixed number of bits.
Suppose you generate a 12-character password using the full keyboard (95 possible symbols per character).
Bits per character
log₂(95) ≈ 6.5699 bits — what each random character contributes.
Multiply by the length
12 × 6.5699 ≈ 78.8383 — the length times the bits per character.
Read the band
78.8383 bits lands in the "strong" range (60–127 bits), comfortably above everyday needs.
The bit count maps onto rough strength bands you can read at a glance: under 28 bits is very weak (trivial to crack), 28–35 bits is weak, 36–59 bits is reasonable for low-value accounts, 60–127 bits is strong, and 128 bits or more is very strong and well beyond brute-force reach with current hardware. The 12-character keyboard password above scores about 78.8 bits, firmly in the strong band. The practical lesson is that length is the most reliable lever: adding one character to a 95-symbol password adds roughly 6.6 bits, whereas switching from lowercase to the full keyboard only multiplies the per-character contribution once. According to the NIST digital-identity guidelines, length matters more than forced complexity rules, which is exactly what the logarithm in the formula shows.
The formula is exact for truly random passwords, but a couple of points are worth keeping in mind for accuracy.
Entropy assumes randomness
This calculator measures the entropy of a password generated by picking each character uniformly at random from the pool. A password you chose yourself — a word, a name, a keyboard pattern, or a predictable substitution — has far less real entropy than the formula reports, because an attacker guesses likely patterns first. Use the bit count to compare random schemes, not to grade a human-chosen password, and prefer a password manager that generates random values.