Measure the mathematical complexity and estimated crack-time of your credentials with professional-grade entropy scoring.
Enter a password to begin.
Type a password in the input field. The tool instantly calculates the entropy bits based on character variety and length.
< 40 bits: Vulnerable to instant cracking.
> 80 bits: Resistant to offline attacks.
Entropy is a measure of randomness. In password security, "bits of entropy" represents the number of attempts required to guess a password, expressed as a power of 2. For example, 50 bits of entropy means an attacker needs, on average, 249 guesses.
Many legacy systems enforce rules like "Must contain one uppercase letter." However, mathematically, increasing the password length adds far more entropy than expanding the character set.
When a database is breached, attackers steal "hashes" (encrypted fingerprints of passwords). They can take these offline and use massive GPU clusters to guess billions of passwords per second.
| Attack Type | Speed | Constraint |
|---|---|---|
| Online Attack | ~10-100 guesses/sec | Network latency, Lockouts |
| Offline GPU | ~100 Billion/sec | Hardware budget only |
Your password must be strong enough to withstand the offline scenario.
Aim for at least 60 bits for general online accounts and 80+ bits for critical financial or administrative accounts.
Using the formula E = Length × log2(Pool Size), adjusted with penalties for predictable patterns like dictionary words or repeated characters.
No, this tool calculates mathematical strength. To check for breaches, use services like "Have I Been Pwned".
This tool runs entirely in your browser (client-side), but you should never type actual active passwords into any website other than the login page.