Password Entropy Explained: Why 128 Bits Is the Goal
Entropy measures password strength mathematically. Here is what entropy means, how to calculate it, and why longer passwords beat complex short ones.
Password strength is often shown as a colored bar going from red to green, but that bar is calculated from something specific: entropy. Understanding entropy gives you a much better intuition for why some passwords are strong and others aren't, regardless of what the bar says.
What entropy means in password context
Entropy, measured in bits, quantifies unpredictability: a password with n bits of entropy was one of 2^n equally likely choices. A password with 50 bits of entropy has about one quadrillion possible values. Each additional bit doubles the number of possibilities. At 70 bits, you have roughly one sextillion possibilities. At 90 bits, an attacker trying a billion guesses per second would need tens of billions of years to exhaust the space, and still billions of years on average, since the password is typically found after searching about half of it. Keep in mind that a billion guesses per second is a modest rate for an offline attack: GPU rigs go far faster against fast, unsalted hashes such as MD5 or NTLM, which is why slow, salted password hashes (bcrypt, scrypt, Argon2) matter alongside the password itself.
How entropy is calculated
The formula is: entropy = length × log2(pool size). The pool size is how many characters could have been chosen at each position, and the formula assumes each position was picked uniformly at random and independently of the others. Lowercase letters only: pool of 26. Add uppercase: pool of 52. Add digits: pool of 62. Add common symbols: pool of around 94 (the printable ASCII characters, or 95 if you count the space).
So a 16-character password using all 94 printable ASCII characters has log2(94) × 16 ≈ 6.55 × 16 ≈ 105 bits of entropy. That's very strong. A 10-character password using only lowercase letters has log2(26) × 10 ≈ 4.7 × 10 = 47 bits. Much weaker.
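The calculation above, worked through in code. This is an added example, not part of the original article: it implements the article's length × log2(pool) formula, solves it the other way round (how long a password must be to reach a target), and converts bits into exhaustive-search time at an assumed guess rate. The 1e11 guesses-per-second figure is an assumption standing in for a GPU rig against a fast unsalted hash; the 1e9 figure is the article's.

```python
import math

# Character pools from the article; 94 is printable ASCII without the space.
# (Added example, not code from the original article.)
POOLS = {"lowercase": 26, "mixed case": 52, "alphanumeric": 62, "printable ASCII": 94}


def charset_bits(pool_size: int, length: int) -> float:
    """Entropy of a password whose `length` characters are each drawn
    uniformly and independently from `pool_size` symbols: length * log2(pool).
    This is the article's formula; it is only valid for random generation."""
    return length * math.log2(pool_size)


def length_for_target(pool_size: int, target_bits: float) -> int:
    """Smallest length that reaches `target_bits` from this pool."""
    return math.ceil(target_bits / math.log2(pool_size))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try all 2**bits values at a given rate.
    On average an attacker finds the password after about half that."""
    return 2 ** bits / guesses_per_second


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return seconds_to_exhaust(bits, guesses_per_second) / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for label, pool, length in [("16 chars, printable ASCII", 94, 16),
                                ("10 chars, lowercase", 26, 10),
                                ("20 chars, alphanumeric", 62, 20)]:
        bits = charset_bits(pool, length)
        # Two assumed attacker rates: 1e9/s (the article's figure) and 1e11/s,
        # an assumed GPU-rig rate against a fast unsalted hash.
        print(f"{label}: {bits:.1f} bits; "
              f"{years_to_exhaust(bits, 1e9):.3g} years at 1e9/s, "
              f"{years_to_exhaust(bits, 1e11):.3g} years at 1e11/s")
    for pool in (62, 94):
        print(f"pool {pool}: {length_for_target(pool, 128)} chars for 128 bits")
```

Run it and the 10-character lowercase case stands out: 47 bits is about 23 minutes of exhaustive search at 1e11 guesses per second, while 105 bits is still astronomical at that rate.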
Why "P@ssw0rd" is weak despite looking complex
The entropy formula only applies to truly random passwords. If you take a dictionary word and make predictable substitutions (a→@, e→3, o→0, s→$), attackers already account for this: cracking tools apply mutation rules to every word in a wordlist, generating the substituted and capitalized variants automatically. Each optional substitution at most doubles the candidates for that word, adding about one bit, so "P@ssw0rd" costs an attacker only a handful of extra guesses beyond "password", nowhere near the 52 bits the charset formula would credit to a random 8-character string.
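To make that concrete, here is an added example (not code from the original article) that does what a rule-based cracker does: expand each word of a small dictionary into all of its substitution and capitalization variants, then measure how many candidates that produces. The substitution table is the article's list plus i→1, and the four-word wordlist is constructed for the example; a real attacker's dictionary is larger, but the point is how few bits the mutations add on top of it.

```python
import itertools
import math

# Substitutions the article lists, plus i->1. Constructed for this example.
LEET = {"a": "@", "e": "3", "o": "0", "s": "$", "i": "1"}

# A tiny constructed wordlist standing in for a cracker's dictionary.
WORDLIST = ["password", "letmein", "welcome", "qwerty"]


def leet_variants(word, subs=LEET, toggle_first_case=True):
    """Yield every string reachable from `word` by independently choosing,
    for each substitutable letter, whether to substitute it, and optionally
    capitalising the first character. This mirrors the rule-based candidate
    expansion crackers apply to each dictionary word."""
    positions = [i for i, ch in enumerate(word) if ch in subs]
    for capitalize in ((False, True) if toggle_first_case else (False,)):
        for mask in itertools.product((False, True), repeat=len(positions)):
            chars = list(word)
            for pos, apply in zip(positions, mask):
                if apply:
                    chars[pos] = subs[chars[pos]]
            if capitalize:
                chars[0] = chars[0].upper()
            yield "".join(chars)


def variant_count(word, subs=LEET):
    """Distinct candidates a cracker tries for one dictionary word."""
    return len(set(leet_variants(word, subs)))


def effective_bits(candidate, wordlist=WORDLIST, subs=LEET):
    """log2 of the total candidates the cracker generates from `wordlist`,
    if `candidate` is among them; None if the rules never produce it."""
    total = 0
    found = False
    for word in wordlist:
        variants = set(leet_variants(word, subs))
        total += len(variants)
        if candidate in variants:
            found = True
    return math.log2(total) if found else None


def naive_bits(password, pool_size=94):
    """What the charset formula would claim for this string: len * log2(pool)."""
    return len(password) * math.log2(pool_size)


if __name__ == "__main__":
    target = "P@ssw0rd"
    print(f"'password' expands to {variant_count('password')} candidates")
    print(f"charset formula credits {target!r} with {naive_bits(target):.1f} bits")
    print(f"against this wordlist plus rules it is worth {effective_bits(target):.1f} bits")
```

"password" has four substitutable letters and one capitalizable first letter, so 2^5 = 32 variants cover every leetspeak spelling of it, including "P@ssw0rd". Against the whole four-word list the attacker needs at most 68 guesses, about 6 bits, versus the 52 bits a strength meter applying the charset formula would report.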
Entropy targets by threat model
- Online attacks (the service rate-limits or locks the account after a few failed attempts): 40 bits is sufficient, provided the limit is actually enforced
- Offline attacks against a stolen hash (the attacker runs unlimited guesses on their own hardware): aim for 80+ bits
- High-value targets (banking, primary email, password manager master password): 100+ bits
The Password Generator shows entropy estimates so you can see exactly what you're getting. Generate a 20-character alphanumeric password and you'll see roughly 119 bits (log2(62) × 20), which is strong by any practical standard.
Entropy and passphrases
A passphrase like "correct horse battery staple" (four words chosen at random from a 2,000-word list) has roughly 44 bits of entropy: 4 × log2(2000). Increase to six words from a 7,776-word list (Diceware) and you get about 77.5 bits. The count only holds if the words are chosen by dice or a cryptographic random generator and kept in the order drawn; picking words yourself, or rearranging them to make sense, removes entropy, and a fixed separator adds none. The advantage of passphrases is memorability; the disadvantage is that you need more words than you might expect to achieve high entropy.
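The passphrase arithmetic, as an added example that is not part of the original article: it computes words × log2(list size), solves for how many words a given target needs, and draws words with Python's `secrets` module rather than `random`, which is the detail that makes the entropy figure real. The eight-word list is a constructed stand-in; only the list size enters the formula, so the functions take it as a parameter.

```python
import math
import secrets

# A constructed stand-in for a wordlist. Real Diceware lists have 7,776 words;
# only the list size matters for the entropy figure, not the words themselves.
SAMPLE_WORDLIST = ["correct", "horse", "battery", "staple",
                   "cloud", "anchor", "violin", "meadow"]


def passphrase_bits(word_count: int, list_size: int) -> float:
    """Entropy of `word_count` words drawn uniformly, with replacement, from a
    list of `list_size` words. A fixed separator and fixed word order add 0 bits."""
    return word_count * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words reaching `target_bits` for this list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(word_count: int, wordlist=SAMPLE_WORDLIST, sep=" ") -> str:
    """Pick words with the CSPRNG behind `secrets`, never with `random`, whose
    Mersenne Twister output is predictable and not meant for security use.
    Selection is with replacement, matching the dice procedure and the formula."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    print(f"4 words / 2,000-word list: {passphrase_bits(4, 2000):.1f} bits")
    print(f"6 words / 7,776-word list: {passphrase_bits(6, 7776):.1f} bits")
    for target in (80, 100, 128):
        print(f"{target} bits from Diceware needs {words_needed(target, 7776)} words")
    phrase = generate_passphrase(5)
    print(phrase, f"({passphrase_bits(5, len(SAMPLE_WORDLIST)):.0f} bits with this toy list)")
```

With the real 7,776-word Diceware list, 80 bits needs seven words, 100 bits needs eight, and the 128 bits in this article's title needs ten; with the toy eight-word list each word is worth only 3 bits, which is why the list size, not the word count alone, is what to check.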