Password Entropy and Strength: The Math Behind Strong Passwords

Understand password entropy, how cracking attacks actually work, why length beats complexity, and how to use passphrases and password managers effectively.

What entropy actually measures

Password entropy, measured in bits, quantifies how unpredictable a password is. Each bit doubles the number of possible combinations an attacker must try. A password with 40 bits of entropy has about 1 trillion possibilities; 80 bits, about 1 septillion.

Entropy is calculated as log₂(possible values). For a 10-character password drawn uniformly from 95 printable ASCII characters: log₂(95^10) ≈ 65.7 bits. The key assumption — uniform random draw — is where most real passwords fail.

Why real passwords lose entropy

"Password123!" technically contains 12 characters from a 95-character alphabet (78.8 theoretical bits), but its actual entropy is much lower. Attackers use dictionaries, substitution rules, and leaked password lists; common patterns fall in seconds regardless of length.

The difference between theoretical and effective entropy is the entire attack surface. The NIST SP 800-63B guidelines explicitly drop older complexity rules because they pushed users toward predictable patterns ("Password1!", "Summer2024!") that looked complex but were trivially cracked.

How cracking attacks really work

Modern cracking is not raw brute force. Attackers layer strategies from cheapest to most expensive:

  • Leaked password reuse: try passwords from breach databases (billions of credentials)
  • Dictionary attacks: words from many languages plus common modifications
  • Rule-based: apply transformations (capitalize first, append numbers, common substitutions)
  • Mask attacks: test specific patterns inferred from policy hints
  • Hybrid: dictionary + brute-force on short suffixes
  • Pure brute force: only for short passwords where other methods have failed

Length beats complexity

Given random selection, length is mathematically the strongest defense. Each additional random character adds ~6.6 bits of entropy from a 95-character alphabet. Adding complexity rules that increase the alphabet but reduce user-random behavior often makes passwords weaker in practice.

The Diceware method, recommended by the EFF, combines 5–7 random words from a 7,776-word list. A 6-word passphrase gives log₂(7776^6) ≈ 77.5 bits of entropy — roughly equivalent to a 12-character random ASCII password, but far easier to memorize.
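As an added worked example (not code from the original article), the entropy formula above and the Diceware comparison, in Python: the functions reproduce the 65.7-bit and 77.5-bit figures, work out how many random characters or words reach a given bit target, and draw a passphrase with the CSPRNG. The eight-word list is a constructed stand-in for the 7,776-word EFF list, so the reported entropy is computed from the list actually used rather than assumed.

```python
import math
import secrets

PRINTABLE_ASCII = 95   # printable ASCII characters, as in the article
DICEWARE_WORDS = 7776  # size of the EFF long wordlist (6^5 five-dice rolls)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random: log2(alphabet^length).

    This is the *theoretical* figure; it only holds when every symbol is an
    independent uniform draw (a generator, not a human choosing a word).
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def units_needed(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of random symbols (characters or words) reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


# Constructed stand-in for the EFF wordlist: 8 words, so only 3 bits per word.
SAMPLE_WORDLIST = ["correct", "horse", "battery", "staple",
                   "orbit", "glass", "pepper", "ladder"]


def diceware_passphrase(words: int, wordlist=SAMPLE_WORDLIST, sep: str = "-"):
    """Pick `words` entries uniformly with secrets.choice (a CSPRNG, never random.choice)
    and return (passphrase, entropy_bits) where entropy is based on len(wordlist)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist must not contain duplicates")  # duplicates skew the draw
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    return sep.join(chosen), entropy_bits(len(wordlist), words)


if __name__ == "__main__":
    print(f"10 random ASCII chars: {entropy_bits(PRINTABLE_ASCII, 10):.1f} bits")
    print(f"6 Diceware words:      {entropy_bits(DICEWARE_WORDS, 6):.1f} bits")
    for target in (60, 80, 100):
        print(f"{target} bits -> {units_needed(PRINTABLE_ASCII, target)} ASCII chars "
              f"or {units_needed(DICEWARE_WORDS, target)} Diceware words")
    phrase, bits = diceware_passphrase(4)
    print(f"sample phrase from the toy list: {phrase} ({bits:.0f} bits)")
```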

Modern targets for password strength

Current guidance converges on minimum targets calibrated against hardware available to well-funded attackers:

  • 60 bits: resists casual attackers, bare minimum
  • 80 bits: current recommended floor for general use
  • 100 bits: strong; resists well-funded adversaries
  • 128 bits: cryptographic strength; overkill for password purposes

The role of password managers

The most scalable answer is a password manager. It generates a unique, random, high-entropy password for every service, freeing you from memorization and eliminating password reuse — the single largest cause of account takeovers.

Recommended practice: protect the manager with a strong master passphrase (memorable but high entropy), enable multi-factor authentication on the manager itself, and use its autofill to resist phishing (an autofiller will not fill a password into a fake look-alike domain).

Beyond the password

No password is strong enough to stand alone today. Multi-factor authentication (MFA) using a hardware key (FIDO2/WebAuthn) or a TOTP app massively raises the bar for account takeover even if the password itself leaks.

Passkeys, built on the WebAuthn standard, are gradually replacing passwords entirely on major platforms. They use public-key cryptography bound to your device, cannot be phished, and cannot be reused. Where available, passkeys are strictly better than any password.

About the author

Renato Candido dos Passos
Founder and specialist in Blockchain, Speech-Language Pathology and Finance

Founder of UtilizAí, with a background in Blockchain, Cryptocurrencies and Finance in the Digital Era, plus complementary studies in Theology, Philosophy and ongoing coursework in Speech-Language Pathology.

Frequently asked questions

How often should I change my password?

NIST SP 800-63B explicitly recommends against periodic mandatory password changes. Forced rotation pushes users toward predictable patterns. Change a password only when there is evidence of compromise, upon breach notification, or when moving to a stronger method like passkeys.

Is a long password better than a complex one?

For equivalent randomness, yes — mathematically, length beats complexity. A 16-character random password is much stronger than an 8-character password with symbols. Passphrases (5+ random words) are typically more memorable and at least as strong as traditional passwords.

Are password managers safe to trust?

Reputable password managers use zero-knowledge encryption, meaning they cannot read your data even if their servers are breached. Well-audited managers have a far better security track record than human memory and password reuse. The marginal risk is well below the benefit.

What is a passphrase?

A passphrase is a password made of multiple unrelated words, like "correct-horse-battery-staple" (from the famous xkcd comic). It is long (high entropy from length), easier to memorize than random characters, and strongly recommended for master passwords where memorization is required.

How strong is MFA really?

MFA blocks over 99% of automated account takeover attempts according to Microsoft’s 2019 study. Hardware keys (FIDO2) are essentially phish-proof. SMS-based MFA is weakest because of SIM-swap attacks, but still far better than a password alone. Enable it wherever offered.
