How many bits of entropy should I aim at for my password?

Password meters are no good. Well, that's a bit simplistic, so let me say it in more details: a "password meter" application like the one you used is mindless and generic; what it measures is the effort of breaking your password, using the mindless and generic strategy that the password meter author thought of. In particular, that password meter system has no idea that your passwords have been generated by assembling words taken randomly from a short list. However, an attacker who is intent on breaking your password will know that, and adapt: you just wrote it on a public forum, so it has become public information.

A correct entropy computation does not work over the actual password value, but over the process by which the password was generated. We simply assume that the attacker is aware of the process, and knows all of it except the actual random choices. With 4 words from a list of 5000, you get one password in a set of 50004 with uniform selection probability (that's an important assumption), so the entropy here is 49.15 bits (because 249.15 is approximately equal to 50004). With 3 words, you get 36.86 bits. For more on entropy calculation, see this answer.

(The wisdom of entering your password in a Web-based "password meter" is questionable, too. The one you link to claims that it does all the computations in Javascript and your password does not leave your browser, but did you really check the Javascript source to make sure of it ?)

As far as passwords go, 36.86 bits of entropy are rather good. Entropy from passwords selected by average users is much lower than that. Such a password will be broken by an attacker who got the corresponding hash IF the hash was not done properly (e.g. some homemade construction with a couple of SHA-1 invocation), but even then chances are that other users will fall first.


However, you are doing something real wrong. It is right there, in your first sentence:

I mainly use 2 passwords: 1 is a 4 word full lowercase passphrase of 18 letters long which I use wherever possible.

Emphasis is mine; it shows the problem. You are reusing passwords. That is Bad. You shall not reuse passwords. When you use the same password on N sites, you lower the security of your account on all sites to the level provided by the worst of the N. Moreover, when that site gets hacked and your password stolen, and your password shows up on lists of login+password exchanged over P2P networks, you will not know which site did it wrong. A lot of sites still store plaintext passwords (a shooting offence) so any widely reused password MUST be assumed to have already leaked.

If you use site-specific passwords, then any damage will be contained to the specific culprit. Of course, this implies some storage system on your side, e.g. KeePass, or a low-tech "passwords.txt" file (you have to take care of where you store it and use it, but that can be managed with decent physical security), or even a printed list that you keep in your wallet. In practice, separation of passwords for damage containment will be a lot more important to your security than password entropy.


Measuring entropy of a passphrase is often tricky. For example, if you follow NIST guidelines for measuring entropy of human-generated password then entropy of your both passwords will be ~33 bits.

I would say even at 33 bits this is OK for intended purposes, however, you're doing one thing very wrong: you should NEVER EVER reuse a password. I know that in current digital world that's hard to attain, but there are tools to help (see e.g. KeePass or 1password). Adopt one of such tools early and it will save you in the future.