Password Combination Calculator

Enter your password length and select which character sets to include — lowercase letters, uppercase letters, numbers, and symbols — and the Password Combination Calculator tells you the total number of possible combinations and how long a brute-force attack would take to crack it. Adjust the attack speed to see how hardware capability affects your password's real-world security. Also try the find Total Permutations (n^r) with Permutation with Repetition Calculator.

Results

Total Possible Combinations

Character Pool Size

Password Entropy

Time to Crack (worst case)

Crack Time (human readable)

Password Strength

How do I calculate the number of possible password combinations?

The formula is simple: raise the size of the character pool (n) to the power of the password length (k), giving n^k total combinations. For example, a 12-character password using lowercase only (26 chars) yields 26^12 ≈ 95 trillion combinations. Adding more character types dramatically increases n and therefore the total. See also our nPr Calculator.

What is password entropy, and why does it matter?

Password entropy is measured in bits and represents the unpredictability of your password. It's calculated as log2(n^k) = k × log2(n), where n is the character pool size and k is the length. Higher entropy means more guesses are required to crack the password. Security experts generally recommend at least 60–80 bits of entropy for strong passwords.

Is a 16-character password secure?

A 16-character password using mixed case, numbers, and symbols provides over 100 bits of entropy and hundreds of quintillions of combinations — making it effectively uncrackable by brute force with any current technology. Even at 350 billion guesses per second, cracking such a password would take longer than the age of the universe.

How many 12-character passwords are possible with uppercase and lowercase letters?

Using both uppercase (26) and lowercase (26) letters gives a pool of 52 characters. For a 12-character password, that's 52^12 ≈ 390 quadrillion combinations. Adding numbers or symbols pushes this even higher, which is why character variety matters as much as length.

Are 4-digit PINs secure?

A 4-digit PIN only has 10^4 = 10,000 possible combinations, which can be exhausted by a modern computer in milliseconds. PINs rely on lockout mechanisms (limited attempts) rather than mathematical complexity for their security. They are not safe against offline brute-force attacks on stolen data.

What is a brute-force attack?

A brute-force attack tries every possible password combination until the correct one is found. The time it takes depends on two factors: the total number of combinations (determined by your password) and the attacker's hardware speed (how many guesses per second they can make). This calculator shows you worst-case time to crack based on both.

Why does adding special characters make such a big difference?

Each character type you add increases the pool size n. Since combinations grow exponentially as n^k, even a small increase in n has a massive effect. Going from 62 characters (letters + digits) to 95 characters (letters + digits + all symbols) on a 12-character password multiplies the combinations by over 6,000 times.

How can I remember strong passwords?

The best approach is to use a reputable password manager (such as Bitwarden, 1Password, or KeePass) to generate and store long, random passwords. If you need a memorable password, consider a passphrase — four or more random words strung together — which can be both memorable and cryptographically strong.