Password Entropy: How Random Is Random Enough?

Entropy is a measure of unpredictability, expressed in bits. Each additional bit of entropy doubles the number of possibilities an attacker has to search through before they're guaranteed to find the right one. A password with 40 bits of entropy has 2^40 (about a trillion) possible values; a password with 60 bits has 2^60 — a billion times more. That exponential relationship is why small changes in password composition make an outsized difference to how brute-forceable a password actually is.

How entropy is calculated

For a password generated by picking characters independently and uniformly at random from a fixed alphabet, entropy is log2(alphabet size) × length. A random lowercase-only password draws from an alphabet of 26, giving about 4.7 bits per character. Add uppercase, digits, and symbols and the alphabet grows to roughly 94 printable characters — about 6.55 bits per character. That's why expanding the character set matters less than it might seem, and length matters more: going from 26 to 94 possible characters only adds about 2 bits per character, but every extra character of length multiplies the search space by the whole alphabet size again, adding a full character's worth of bits whatever that alphabet is.

Why length beats complexity

A 12-character password using the full 94-character set has about 79 bits of entropy. A 20-character password using only lowercase letters has about 94 bits — more than the shorter, more “complex” one, despite using a smaller alphabet. This is the core insight behind the shift in password guidance over the last decade (NIST's SP 800-63B included): length is a more reliable and more usable lever than forcing arbitrary complexity rules like “must contain a symbol.”

What counts as enough

The right target depends on what's protecting the password. A properly implemented password hashing scheme like Argon2id already makes each guess computationally expensive, so even moderate entropy (around 60 bits) becomes impractical to brute-force at scale. But defense in depth matters — you don't know in advance whether a service you trust your password to is hashing it correctly, so aiming higher costs nothing. As a practical baseline: 80+ bits of entropy (roughly 14 random alphanumeric-plus-symbol characters, or 16-18 random lowercase letters) comfortably exceeds what's brute-forceable with current hardware, even against a fast, unsalted hash.

The important caveat: this math only holds for passwords generated by a genuinely uniform random process. Human-chosen passwords — even ones that “look” random — draw from a much smaller effective space, because people are predictable in ways attackers' dictionaries already account for. Use a proper random generator rather than inventing a password by hand.

The Password Generator on this site uses the Web Crypto API's cryptographically secure random number generator, entirely in your browser, so every character is drawn from a genuinely uniform distribution.
