How Strong Is Your Password? Understanding Entropy and Crack Time
Most password strength meters show a colored bar and a vague label like "medium." But what does that actually mean? This guide explains the math behind password strength, why length matters more than special characters, and how to make passwords that resist modern cracking hardware.
What is entropy?
In the context of passwords, entropy measures unpredictability. It is expressed in bits. A password with N bits of entropy is as hard to guess as a random N-bit binary string, meaning an attacker would need, on average, 2^(N-1) guesses to crack it.
The formula for a randomly generated password is:
entropy = log2(pool_size ^ length)
= length * log2(pool_size)Where pool_size is the number of possible characters. For example:
| Character set | Pool size | Entropy per character |
|---|---|---|
| Digits only (0-9) | 10 | 3.32 bits |
| Lowercase letters | 26 | 4.70 bits |
| Lowercase + digits | 36 | 5.17 bits |
| Upper + lower + digits | 62 | 5.95 bits |
| All printable ASCII | 95 | 6.57 bits |
A random 8-character password using upper + lower + digits has about 47.6 bits of entropy (8 * 5.95). That sounds reasonable until you learn what modern hardware can do.
How fast can passwords be cracked?
Cracking speed depends on two factors: the hashing algorithm used to store the password and the attacker's hardware.
A single modern GPU can compute roughly:
- MD5: 50 billion hashes per second
- SHA-256: 5 billion hashes per second
- bcrypt (cost 10): 30,000 hashes per second
- Argon2id: 1,000 hashes per second (with proper tuning)
Against MD5 (still used by many legacy systems), a 47.6-bit password takes about 1.5 days to crack. Against bcrypt, the same password would take roughly 1,400 years. The hashing algorithm matters enormously -- but you, as a user, usually cannot control which algorithm a site uses. So your defense is entropy.
Brute force vs dictionary attacks
A brute force attack tries every possible combination. A dictionary attack uses wordlists of common passwords, leaked credentials, and predictable patterns.
The 10,000 most common passwords account for a staggering percentage of all accounts in any leaked database. Passwords like password123, qwerty, and letmein are tried first. If your password appears in any leaked dataset, no amount of special characters will save it.
Dictionary attacks also use rules: appending digits (password1), capitalizing the first letter (Password), substituting letters (p@ssw0rd), and appending years (password2026). These mutations are computationally cheap and devastatingly effective against human-chosen passwords.
Why length beats complexity
Consider two passwords:
P@s5w0rD-- 8 characters, complex, 50 bits of entropycorrect horse battery staple-- 28 characters, simple words, approximately 44 bits of entropy (if chosen from a 2048-word list) to over 100 bits (if chosen from the full dictionary with spaces)
The short complex password is hard for humans to remember and relatively easy for machines to crack. The long passphrase is easy to remember and far harder to brute-force character by character.
Each additional character multiplies the search space exponentially. Going from 8 to 12 characters with the same pool size increases combinations by a factor of nearly 15 million (62^4). Adding a ! to an 8-character password only doubles the pool from 62 to 95, a much smaller improvement.
The math is clear: adding length is exponentially more effective than adding complexity.
The passphrase approach
A passphrase combines multiple random words:
marble oxygen fourteen cascadeIf each word is chosen randomly from a list of 7,776 words (like the Diceware list), each word contributes about 12.9 bits of entropy. Four words give 51.7 bits. Six words give 77.5 bits -- strong enough for nearly any purpose.
The key word is "randomly." If you pick words that form a meaningful phrase, the entropy drops dramatically because natural language is highly predictable.
Common mistakes that destroy entropy
Predictable patterns
Using a base word with predictable modifications (Summer2026!, Company@123) is not random. Attackers model these patterns explicitly.
Password reuse
If your password leaks from one site, every other site where you used it is compromised. Credential stuffing attacks automate this at massive scale.
Personal information
Birthdays, pet names, addresses, and phone numbers are all publicly discoverable. They add zero effective entropy.
Keyboard patterns
qwerty, 1qaz2wsx, zxcvbnm -- these appear in every cracking dictionary.
Single dictionary words with substitutions
tr0ub4dor looks complex but follows a well-known substitution pattern. Cracking tools handle these in seconds.
What makes a genuinely strong password?
Three properties:
- Randomly generated. Not chosen by a human, but by a cryptographically secure random number generator.
- Sufficiently long. At least 16 characters for traditional passwords, or 5+ words for passphrases.
- Unique. Never reused across sites.
For most people, the practical solution is a password manager. Generate a random 20+ character password for every account and remember only the master passphrase (which should be a strong, randomly-chosen multi-word phrase).
Entropy targets for different threat models
| Scenario | Minimum entropy | Example |
|---|---|---|
| Low-value accounts | 40 bits | 8-char alphanumeric |
| Standard web accounts | 60 bits | 12-char mixed or 5-word passphrase |
| Email / password manager | 80 bits | 16-char mixed or 6-word passphrase |
| Encryption keys | 128 bits | 22-char full ASCII or 10-word passphrase |
These assume the attacker has offline access to hashes and dedicated cracking hardware. Online attacks are throttled by rate limiting and lockouts, so even lower entropy can survive -- but you should not rely on that.
Estimating crack time
A rough formula for brute force crack time:
time = (2^entropy) / (guesses_per_second * 2)The division by 2 accounts for the fact that, on average, the correct guess is found halfway through the search space.
For a 60-bit password against bcrypt at 30,000 guesses/second:
time = 2^60 / (30000 * 2)
= 1.15e18 / 60000
= 19.2 trillion seconds
= ~609,000 yearsFor the same password against MD5 at 50 billion guesses/second:
time = 2^60 / (50e9 * 2)
= 1.15e18 / 1e11
= 11,500,000 seconds
= ~133 daysThe difference is staggering, and it underscores why both strong passwords and strong hashing algorithms matter.
Multi-factor authentication
Even the strongest password can be phished. Multi-factor authentication (MFA) adds a second barrier. Hardware security keys (FIDO2/WebAuthn) are phishing-resistant. TOTP apps are better than SMS. SMS is better than nothing.
MFA does not replace the need for strong passwords -- it complements it. If your MFA token is compromised (SIM swap, for example), your password is the last line of defense.
Try our Password Generator to create cryptographically strong passwords and passphrases instantly -- with entropy calculation built in, right in your browser.