Password Combination Calculator

The formula is simple: raise the size of the character pool (n) to the power of the password length (k), giving n^k total combinations. For example, a 12-character password using lowercase only (26 chars) yields 26^12 ≈ 95 trillion combinations. Adding more character types dramatically increases n and therefore the total.

Password entropy is measured in bits and represents the unpredictability of your password. It's calculated as log2(n^k) = k × log2(n), where n is the character pool size and k is the length. Higher entropy means more guesses are required to crack the password. Security experts generally recommend at least 60–80 bits of entropy for strong passwords.

A 16-character password using mixed case, numbers, and symbols provides over 100 bits of entropy and hundreds of quintillions of combinations — making it effectively uncrackable by brute force with any current technology. Even at 350 billion guesses per second, cracking such a password would take longer than the age of the universe.

Using both uppercase (26) and lowercase (26) letters gives a pool of 52 characters. For a 12-character password, that's 52^12 ≈ 390 quadrillion combinations. Adding numbers or symbols pushes this even higher, which is why character variety matters as much as length.

A 4-digit PIN only has 10^4 = 10,000 possible combinations, which can be exhausted by a modern computer in milliseconds. PINs rely on lockout mechanisms (limited attempts) rather than mathematical complexity for their security. They are not safe against offline brute-force attacks on stolen data.

A brute-force attack tries every possible password combination until the correct one is found. The time it takes depends on two factors: the total number of combinations (determined by your password) and the attacker's hardware speed (how many guesses per second they can make). This calculator shows you worst-case time to crack based on both.

Each character type you add increases the pool size n. Since combinations grow exponentially as n^k, even a small increase in n has a massive effect. Going from 62 characters (letters + digits) to 95 characters (letters + digits + all symbols) on a 12-character password multiplies the combinations by over 6,000 times.

The best approach is to use a reputable password manager (such as Bitwarden, 1Password, or KeePass) to generate and store long, random passwords. If you need a memorable password, consider a passphrase — four or more random words strung together — which can be both memorable and cryptographically strong.