🌐
NIST
pages.nist.gov › 800-63-4 › sp800-63b › passwords
Strength of Passwords - NIST Pages
The effective strength of user-chosen passwords has often been characterized using the information theory concept of entropy [Shannon]. While entropy can be readily calculated for data with deterministic distribution functions, estimating entropy for user-chosen passwords is challenging.
🌐
NIST
pages.nist.gov › 800-63-3 › sp800-63b.html
NIST Special Publication 800-63B
The verifier SHALL generate random authentication secrets with at least 20 bits of entropy using an approved random bit generator [SP 800-90Ar1]. If the authentication secret has less than 64 bits of entropy, the verifier SHALL implement a rate-limiting mechanism that effectively limits the ...
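Added example (not NIST's code): a verifier that issues a short random secret from the OS CSPRNG, stores only its hash, and enforces the rate limit SP 800-63B demands for any secret below 64 bits, together with the arithmetic that says why the limit is enough. The cap of 100 failed attempts per issued secret (the figure SP 800-63B gives in section 5.2.2) and the 10-minute lifetime are assumptions here and are both parameters.

```python
import hashlib
import hmac
import math
import secrets
import time
from dataclasses import dataclass

# Added example, not NIST's code. Assumed parameters: 100 failed attempts per
# issued secret and a 600-second lifetime; both are constructor arguments.


@dataclass
class SecretRecord:
    """What the verifier stores per account: a hash, never the secret itself."""
    digest: bytes
    expires_at: float
    failures: int = 0


def online_guess_success(secret_bits: float, allowed_attempts: int) -> float:
    """Best chance an online attacker has against a uniformly random secret
    when the verifier hard-caps failed attempts: attempts / 2**bits."""
    return min(1.0, allowed_attempts / 2.0 ** secret_bits)


def bits_needed(allowed_attempts: int, max_success: float) -> float:
    """Smallest secret entropy that keeps the attacker below max_success."""
    return math.log2(allowed_attempts / max_success)


class ThrottledVerifier:
    def __init__(self, max_failures: int = 100, ttl_seconds: float = 600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.ttl_seconds = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested offline
        self._records = {}

    def issue(self, account: str, secret_bits: float = 20.0) -> str:
        """Generate a decimal code carrying at least secret_bits of entropy
        and store only its SHA-256 digest. Note that 6 digits is 19.93 bits,
        just under the 20-bit floor, so 20 bits needs 7 digits."""
        digits = math.ceil(secret_bits / math.log2(10))
        code = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        self._records[account] = SecretRecord(
            digest=hashlib.sha256(code.encode()).digest(),
            expires_at=self.clock() + self.ttl_seconds,
        )
        return code  # hand to the delivery channel, never log it

    def attempt(self, account: str, guess: str) -> str:
        """Return 'ok', 'wrong', 'locked', 'expired' or 'none'."""
        rec = self._records.get(account)
        if rec is None:
            return "none"
        if rec.failures >= self.max_failures:
            return "locked"       # stays locked until a new secret is issued
        if self.clock() > rec.expires_at:
            return "expired"
        guess_digest = hashlib.sha256(guess.encode()).digest()
        if hmac.compare_digest(guess_digest, rec.digest):   # constant-time compare
            del self._records[account]                      # single use
            return "ok"
        rec.failures += 1
        return "wrong"


if __name__ == "__main__":
    v = ThrottledVerifier()
    code = v.issue("alice")
    bits = len(code) * math.log2(10)
    print(f"issued {len(code)}-digit code ({bits:.2f} bits); "
          f"p(success within 100 tries) = {online_guess_success(bits, 100):.2e}")
    print(f"a 6-digit code holds {6 * math.log2(10):.2f} bits; "
          f"a 1e-4 success cap at 100 tries needs {bits_needed(100, 1e-4):.2f} bits")
```

The cap is what makes a 20-bit secret acceptable: with 100 tries against roughly a million possibilities the attacker's chance is about 1e-4, whereas without the cap the same code falls to an online brute force in minutes.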
🌐
NIST
nist.gov › blogs › taking-measure › easy-ways-build-better-p5w0rd
Easy Ways to Build a Better P@$5w0rd | NIST
February 27, 2025 - Depending on which special characters you allow and a few other factors, the random 10-character password would have something like 65 bits of entropy, a measure of its strength.
People also ask

What are the password rules for NIST?
According to NIST's password rules, user-chosen passwords should be at least 8 characters long, while randomly generated (machine-generated) passwords may be as short as 6 characters.
🌐
sprinto.com
sprinto.com › blog › nist-password-guidelines
NIST Password Guidelines: 11 Rules to Follow (Latest Version Updated)
Does NIST require password expiration?
No. NIST recommends resetting passwords only when necessary. While many organizations traditionally enforce a policy where passwords expire every 60 to 90 days, NIST diverges from this approach and does not recommend password expiration as a general practice.
🌐
sprinto.com
sprinto.com › blog › nist-password-guidelines
NIST Password Guidelines: 11 Rules to Follow (Latest Version Updated)
How safe is a 12-character password?
A 12-character password is considered very safe because it is impractical for a person to guess, and it is one of the best safeguards against threat actors. Combining lowercase letters, uppercase letters, numbers, and symbols makes it stronger still.
🌐
sprinto.com
sprinto.com › blog › nist-password-guidelines
NIST Password Guidelines: 11 Rules to Follow (Latest Version Updated)

measure of the effectiveness of a password in resisting guessing and brute-force attacks

Password strength - Wikipedia
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct … Wikipedia
🌐
Wikipedia
en.wikipedia.org › wiki › Password_strength
Password strength - Wikipedia
1 day ago - Using this scheme, an eight-character human-selected password without uppercase characters and non-alphabetic characters OR with either but not both of the two character sets is estimated to have eighteen bits of entropy.
🌐
CSRC
csrc.nist.rip › archive › pki-twg › y2003 › presentations › twg-03-05.pdf pdf
Estimating Password Strength (fools rush in where angels fear to tread)
Estimating Password Strength (fools rush in where angels fear to tread: this approach is preliminary and may change). Bill Burr, NIST, [email protected], 301-975-2914. Draft for comment. Subject to change.
🌐
LastPass
blog.lastpass.com › posts › nist-recommends-length-over-complexity
NIST Recommends Length Over Complexity to Create Strong Passwords - The LastPass Blog
October 8, 2024 - Measured in bits, the higher the password entropy score, the stronger the password. NIST also recommends only changing passwords after a breach has occurred.
🌐
AuditBoard
auditboard.com › blog › nist-password-guidelines
NIST Password Guidelines
Create passwords that protect confidential data and help prevent cyberattacks by following NIST's updated guidelines for password creation and implementation.
🌐
Sprinto
sprinto.com › blog › nist-password-guidelines
NIST Password Guidelines: 11 Rules to Follow (Latest Version Updated)
November 27, 2024 - Character options: to allow more password entropy, verifiers should also accept the space character and all printable ASCII characters.
🌐
Hornetsecurity
hornetsecurity.com › home › blog › new password requirements from nist
New Password Requirements from NIST
August 26, 2025 - NIST states that password providers SHALL NOT require periodic password changes unless there is evidence of a breach, as this can lead to users creating predictable password patterns.
🌐
Reddit
reddit.com › r/cybersecurity › using entropy as a measure of password strength
r/cybersecurity on Reddit: Using entropy as a measure of password strength
August 6, 2025 -

I am currently helping in reviewing the company's password policy and looking at the shopping list of mandatory characteristics for building strong passwords, I got to thinking:

Why is it a standard practice to do qualitative rating of passwords based on it having a whole bunch of different criteria met instead of using a more quantitative rating based on its entropy?

I get that one is easier for the user to achieve than the other, but a password manager can easily calculate the entropy of the passwords it stores (though few actually do so).

I have even seen recommendations for using mnemonics to remember passwords where the mnemonic would make for a stronger password than the actual password that it serves to remember. But since it doesn't have funky characters it doesn't pass muster.

🌐
TechTarget
techtarget.com › whatis › definition › password-entropy
What is password entropy? | Definition from TechTarget
An already-known password has 0 bits of entropy; one that can be guessed on the first attempt half the time has 1 bit of entropy. The password accidental has an entropy of 47 bits, and the password ac@xC1d!3aTlx4$3Hg has an entropy of 117.98 ...
🌐
Balbix
balbix.com › blog › why-nist-wants-you-to-remove-complexity-from-your-password-policies
Why NIST Recommends Simplifying Password Policies | Balbix
June 30, 2020 - Passwords are responsible for more ... to strengthen passwords, enterprises adopted password complexity policies meant to increase entropy so that passwords would be more difficult to crack....
🌐
SANS
isc.sans.edu › diary › 11350
Theoretical and Practical Password Entropy - SANS ISC
The "bits of entropy" are calculated as the number of bits it would take to represent all possible passwords. Let's look at some common schemes: a 4-digit PIN: 10,000 possible passwords, or 13.3 bits (log2(10,000) = 13.3); 12 characters using the ...
🌐
Linford Co
linfordco.com › home › understanding the new nist password guidelines for 2024
NIST Password Policy Guidelines 2024: What You Need to Know
October 30, 2024 - But, if length is not increased, having special characters and numbers in a password can increase entropy, and increased entropy makes a password less susceptible to password cracking techniques.
🌐
Online Hash Crack
onlinehashcrack.com › guides › password-recovery › password-entropy-calculator-measure-strength.php
Password Entropy Calculator: Measure Strength
October 1, 2025 - Entropy is a critical factor in determining password strength because it directly affects how resistant a password is to various attack methods, including brute-force and dictionary attacks.
🌐
Rublon
rublon.com › home › blog archives rublon › nist password guidelines: how to create and manage strong passwords
NIST Password Guidelines: How to Create and Manage Strong Passwords
March 25, 2024 - Instead, the NIST suggests that passwords should have a minimum entropy of 10 bits, which means that there are at least 1024 possible combinations for the password.
🌐
GitHub
github.com › mapkyca › KnownNISTPasswords
GitHub - mapkyca/KnownNISTPasswords: Enforce a minimum entropy for new Known passwords
By default, new passwords will require a minimum entropy of 30, but this can be changed by setting min_password_entropy in your config.ini · Install and activate in the usual way, but if you're cloning the git repo make sure you git clone ...
Author   mapkyca
Top answer
1 of 2
31

Password meters are no good. Well, that's a bit simplistic, so let me say it in more details: a "password meter" application like the one you used is mindless and generic; what it measures is the effort of breaking your password, using the mindless and generic strategy that the password meter author thought of. In particular, that password meter system has no idea that your passwords have been generated by assembling words taken randomly from a short list. However, an attacker who is intent on breaking your password will know that, and adapt: you just wrote it on a public forum, so it has become public information.

A correct entropy computation does not work over the actual password value, but over the process by which the password was generated. We simply assume that the attacker is aware of the process, and knows all of it except the actual random choices. With 4 words from a list of 5000, you get one password in a set of 5000^4 with uniform selection probability (that's an important assumption), so the entropy here is 49.15 bits (because 2^49.15 is approximately equal to 5000^4). With 3 words, you get 36.86 bits. For more on entropy calculation, see this answer.

(The wisdom of entering your password in a Web-based "password meter" is questionable, too. The one you link to claims that it does all the computations in Javascript and your password does not leave your browser, but did you really check the Javascript source to make sure of it ?)

As far as passwords go, 36.86 bits of entropy are rather good. Entropy from passwords selected by average users is much lower than that. Such a password will be broken by an attacker who got the corresponding hash IF the hash was not done properly (e.g. some homemade construction with a couple of SHA-1 invocations), but even then chances are that other users will fall first.


However, you are doing something really wrong. It is right there, in your first sentence:

I mainly use 2 passwords: 1 is a 4 word full lowercase passphrase of 18 letters long which I use wherever possible.

Emphasis is mine; it shows the problem. You are reusing passwords. That is Bad. You shall not reuse passwords. When you use the same password on N sites, you lower the security of your account on all sites to the level provided by the worst of the N. Moreover, when that site gets hacked and your password stolen, and your password shows up on lists of login+password exchanged over P2P networks, you will not know which site did it wrong. A lot of sites still store plaintext passwords (a shooting offence) so any widely reused password MUST be assumed to have already leaked.

If you use site-specific passwords, then any damage will be contained to the specific culprit. Of course, this implies some storage system on your side, e.g. KeePass, or a low-tech "passwords.txt" file (you have to take care of where you store it and use it, but that can be managed with decent physical security), or even a printed list that you keep in your wallet. In practice, separation of passwords for damage containment will be a lot more important to your security than password entropy.

2 of 2
7

Measuring entropy of a passphrase is often tricky. For example, if you follow NIST guidelines for measuring entropy of human-generated passwords then the entropy of both of your passwords will be ~33 bits.

I would say even at 33 bits this is OK for intended purposes, however, you're doing one thing very wrong: you should NEVER EVER reuse a password. I know that in current digital world that's hard to attain, but there are tools to help (see e.g. KeePass or 1password). Adopt one of such tools early and it will save you in the future.
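Added example, not code from NIST, SANS ISC, TechTarget or either answer above: the three models used on this page to put a number on password strength, side by side. `random_secret_bits` is the log2 of the search space behind "a 4-digit PIN is 13.3 bits" and "a random 10-character password is about 65 bits"; `passphrase_bits` is the process-based count from the first answer (4 words from 5000 is 49.15 bits); `meter_bits` reproduces what a generic password meter reports (the dictionary word "accidental" scores 47 bits, the 18-character string 117.98); and `nist_user_chosen_bits` is the SP 800-63 (v1) Appendix A heuristic behind "18 characters is ~33 bits" and "8 lowercase characters is 18 bits". The Appendix A bonus for an extensive dictionary check is not modelled, and the guessing rate in the demo is an assumption.

```python
import math
import string

# Added example; not code from any of the sources quoted on this page.


def random_secret_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret drawn uniformly at random: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def passphrase_bits(wordlist_size: int, word_count: int) -> float:
    """Entropy of word_count words chosen uniformly from a wordlist.

    Entropy is a property of the generation process, not of the string, so
    4 words from 5000 is 49.15 bits no matter how long the words happen to be.
    """
    return word_count * math.log2(wordlist_size)


def meter_bits(password: str) -> float:
    """What a generic password meter reports.

    It infers which character classes are present and then pretends every
    character was drawn at random from that alphabet, which is why a
    dictionary word like "accidental" scores 47 bits.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    if " " in password:
        size += 1
    return random_secret_bits(size, len(password)) if size else 0.0


def nist_user_chosen_bits(password: str) -> float:
    """SP 800-63 (v1) Appendix A heuristic for human-chosen passwords.

    4 bits for the first character, 2 bits each for characters 2-8, 1.5 bits
    each for characters 9-20 and 1 bit each beyond that, plus 6 bits when both
    uppercase and non-alphabetic characters are present. The appendix's extra
    bonus for an extensive dictionary check is deliberately not modelled.
    """
    n = len(password)
    bits = 4.0 if n else 0.0
    bits += 2.0 * max(0, min(n, 8) - 1)
    bits += 1.5 * max(0, min(n, 20) - 8)
    bits += 1.0 * max(0, n - 20)
    if any(c.isupper() for c in password) and any(not c.isalpha() for c in password):
        bits += 6.0
    return bits


def expected_guess_seconds(bits: float, guesses_per_second: float) -> float:
    """Mean time for an exhaustive search: half the space, i.e. 2**(bits-1) guesses."""
    return 2.0 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # offline guesses per second; an assumption for illustration
    print(f"4-digit PIN            {random_secret_bits(10, 4):6.2f} bits")
    print(f"10 random printable    {random_secret_bits(94, 10):6.2f} bits")
    print(f"4 words / 5000 list    {passphrase_bits(5000, 4):6.2f} bits")
    for pw in ["accidental", "ac@xC1d!3aTlx4$3Hg", "correcthorsebatterystaple"]:
        m, h = meter_bits(pw), nist_user_chosen_bits(pw)
        print(f"{pw:26} meter {m:6.2f} bits, NIST heuristic {h:5.1f} bits, "
              f"~{expected_guess_seconds(h, rate):.3g} s at {rate:.0e}/s")
```

The gap between `meter_bits` and `nist_user_chosen_bits` on the same string is the point the first answer makes: a meter scores the characters, while an attacker who knows the generation process (a wordlist, a common pattern) only has to cover that process's choices.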

🌐
Passbolt
passbolt.com › blog › show-me-your-entropy-and-ill-break-your-password
Show me your entropy and I’ll break your password
July 29, 2024 - Not knowing the structure of the password, the final entropy is 46.53 for 9 characters. It means each symbol carries 46.53 / 9 = 5.17 bits. The worst case scenario is about losing 5.6 bits of information.