What is password entropy and why does it matter?

You've probably seen password strength meters that tell you your password is "weak" or "strong" — but what are they actually measuring? The answer is entropy: a precise mathematical measure of how unpredictable your password is. Understanding it will permanently change how you think about password security.

What entropy actually means

The word entropy comes from thermodynamics and information theory, where it measures the amount of disorder or unpredictability in a system. Applied to passwords, it has a very specific meaning: password entropy is the number of guesses an attacker would need to make, on average, to crack your password by trying every possibility.

Entropy is measured in bits. This isn't the same as the bits in a computer file — it's a unit of information. Each additional bit of entropy doubles the number of guesses required to crack the password. A password with 40 bits of entropy requires about 1 trillion guesses. A password with 80 bits requires about 1 trillion trillion guesses. The numbers grow astronomically fast.

The formula is straightforward: entropy = log₂(character set size ^ password length). In plain English: multiply the number of possible characters at each position by itself once for each character in the password, then express the result in bits. The two variables that matter are how many possible characters you could use and how long the password is.

A practical look at the numbers

Let's look at some real examples to make this concrete. Here are several types of passwords with their character sets, lengths, and resulting entropy:

The difference between a 28-bit password and a 105-bit password isn't just "stronger" — it's the difference between a password that could be cracked in a few hours on modern hardware and one that would take longer than the age of the universe to crack, even with technology that doesn't yet exist.

Why length beats complexity

One of the most important — and counterintuitive — insights from entropy analysis is that length is far more powerful than complexity. This surprises most people, because password advice has historically focused on adding complexity: uppercase letters, numbers, symbols. But the maths tells a different story.

A 19-character lowercase password has more entropy than a 9-character password with uppercase, lowercase, numbers, and symbols. Length compounds; complexity adds a smaller fixed amount. Adding a symbol to an 8-character password increases entropy by about 7 bits. Adding one more character increases it by the log₂ of the character set — which for a mixed-character password is also about 6–7 bits. But adding ten more characters increases it by 60–70 bits. Length wins, every time.

This is also why the classic XKCD comic on password strength (which popularised the "four random words" approach) was mathematically correct. "correct horse battery staple" has higher entropy than most short complex passwords — not because of the words themselves, but because of the total length.

Why patterns kill entropy

Entropy calculations assume your password is randomly chosen from the available character set. But most human-created passwords aren't random — they follow patterns. And attackers know this.

Modern password cracking doesn't work by trying every possible combination from "aaaa" to "zzzz". It works by trying the most likely passwords first. Attackers use sophisticated wordlists built from billions of real passwords leaked in data breaches, combined with rules that apply common transformations: capitalise the first letter, add a number at the end, substitute letters with similar-looking numbers (e → 3, a → @, o → 0).

This means Password1! — which superficially contains uppercase, lowercase, a number, and a symbol — is one of the first things an attacker tries. It follows the most common password pattern in existence: capitalised word + number + symbol. Its theoretical entropy based on its character set is about 72 bits. Its practical entropy, accounting for its predictability, is effectively zero. It's in every cracking dictionary.

Genuine randomness is the only defence against pattern-based attacks. A password that looks random is not sufficient — it has to actually be random, generated by a process that has no patterns for an attacker to exploit. This is why password generators that use cryptographic randomness produce passwords that are meaningfully more secure than ones humans create, even if they're the same length and use the same character set.

How attackers crack passwords in practice

Understanding the attack methods clarifies why entropy matters so much in practical terms.

Brute force

The simplest attack: try every possible password, starting from the shortest. Against a truly random 8-character password using all character types, this is already computationally expensive — there are about 6 quadrillion possibilities. Against a 16-character random password, it's completely infeasible with any foreseeable technology.

Dictionary attacks

Rather than trying every possibility, dictionary attacks try the most common passwords first. Attackers use wordlists derived from previous breach data — lists of tens of billions of real passwords that people have actually used. If your password is a word, a name, a date, or any common phrase, it's likely in these lists.

Rule-based attacks

Dictionary attacks combined with transformation rules: capitalise the first letter, add "123" at the end, replace letters with numbers. These rules are derived from statistical analysis of how people modify words to meet complexity requirements. They are devastatingly effective against human-created passwords that try to meet complexity rules.

Credential stuffing

Not technically a cracking attack, but the most common way accounts are actually compromised: attackers take usernames and passwords from one breach and try them on other services. If you reuse passwords, a breach at a small website can compromise your email, bank, or social media accounts. This is the most important reason to use unique passwords for every service.

What this means for your passwords

The practical conclusions from entropy analysis are clear:

• Length matters more than complexity. A 16-character random password is better than an 8-character complex one, even if the short one has more symbol variety.
• Randomness matters as much as length. A 20-character password based on a predictable pattern has lower practical entropy than its theoretical maximum suggests. Use a random generator, not your own creativity.
• Uniqueness is non-negotiable. A perfectly random 20-character password is useless if you use it everywhere and one site is breached. Every account needs its own password.
• Aim for at least 80 bits of entropy for important accounts. Our password generator shows the entropy of each password it creates — aim for "Strong" or "Very Strong" on the meter.
• Use a password manager. The only practical way to use long, unique, random passwords for every account is to have a tool that remembers them. Bitwarden (free), 1Password, and Apple Keychain are all solid options.

How our password generator handles entropy

Our password generator uses crypto.getRandomValues() — the same cryptographic randomness your browser uses for HTTPS. This means every character in the generated password is independently and unpredictably selected from the character set, with no patterns that an attacker could exploit. The theoretical entropy of the password matches its practical entropy.

The strength meter on the generator calculates entropy directly from the character set size and password length and displays it as Weak, Fair, Strong, or Very Strong. At the default settings — 16 characters, all character types — the generated password has over 100 bits of entropy. That's more than sufficient for any current or foreseeable attack.