Making sure your password is strong yet memorable can be challenging and stressful. However, following best practices – like using passphrases, incorporating acronyms and relying on
Password entropy is a measurement of how difficult it would be for a cybercriminal to crack or successfully guess your password. When calculating password entropy, the calculation takes into account how long your password is and the variation of characters you’re using. Character variations include the use of uppercase and lowercase letters, numbers and symbols.
Continue reading to learn more about the importance of password entropy and how you can calculate it using the password entropy formula.
The Importance of Password Entropy
Password entropy is important because it determines how easy or difficult it would be for a cybercriminal to compromise your password through password-cracking techniques like brute force, credential stuffing and password guessing. The higher your password entropy is, the less likely you are to become a victim of these password-related attacks.
Brute force
Brute force is when cybercriminals use software to guess login credentials through trial and error. Using brute force software, cybercriminals can input dictionary words, phrases, commonly used passwords or specific character combinations until they find a match.
Credential stuffing
Credential stuffing is a type of brute force attack in which cybercriminals use a set of credentials to gain access to several accounts at once. Cybercriminals often use a set of stolen credentials they’ve cracked, bought on the dark web or stolen from data breaches, and then use them across multiple accounts. If the user whose credentials were stolen reuses that password, the cybercriminal can potentially gain access to several accounts that use the same stolen credentials.
Password guessing
Password guessing is just as its name suggests, a cybercriminal attempts to guess your password. Typically, cybercriminals and other unauthorized users can successfully guess passwords if the victim is using personal information in their password that can be easily found on their social media accounts.
How To Calculate Password Entropy
Before you begin calculating password entropy, you have to understand the basic elements of the formula and what the score means. A low score under 72 bits means that your password is weak and can be cracked almost instantly. A high score of 75 or above means that your password would be more difficult for a cybercriminal to crack.
Now that you know what your calculated score means, let’s go over the password entropy formula and what each element of it stands for. The password entropy formula is as follows.
E = log₂(Rᶫ)
- E stands for entropy
- R stands for the variation of characters used in the password
- L stands for the character length of the password
Using a calculator, plug in the elements of the password you created into this formula to determine your password’s entropy.
How Many Bits of Entropy Should a Password Have?
It’s recommended that your password have at least 75 bits of entropy. Bits of entropy are calculated using the password entropy formula. If, after calculating your password’s entropy, you discover that your password is not strong, there are two things you can do to increase its entropy.
- Add more character variations such as numbers and symbols
- Make the password longer
According to the password entropy formula, length is the most important element of a strong password. This is the reason why using passphrases as passwords is considered to be more secure than using a password that is short but complex.
If you’re struggling to create a strong password, we recommend using a password generator. Most password generators use the password entropy formula to ensure the passwords it generates are strong and difficult for cybercriminals to crack.
Use Password Entropy To Determine the Strength of Passwords
While it’s good to know what password entropy is and how to calculate it on your own, there’s no need to constantly calculate your passwords’ entropy to determine their strength. Most password generators take password entropy into account so you don’t have to worry about calculating it on your own. Using a free password generator tool or a password generator built into a password manager to create passwords for your accounts ensures that your passwords are always made strong.
To see how a password manager like Keeper can help you create, store and manage your strong passwords, start a free trial of Keeper Password Manager today.