diff --git a/content/notes/04-authentication-authorisation-passwords.md b/content/notes/04-authentication-authorisation-passwords.md index 4727765bf..a49400c39 100644 --- a/content/notes/04-authentication-authorisation-passwords.md +++ b/content/notes/04-authentication-authorisation-passwords.md @@ -49,4 +49,16 @@ tags: - lots of bad advice - we are lazy - "safe" passwords are difficult to enter on touch screen devies -- to many accouts \ No newline at end of file +- to many accouts + +## entropy +- amount of randomness +- measure of the number of guesse an attacker would need to brute force +- $E = log_2(A^L)$ +- A = size of alphabet +- L = length of password +- E = entropy in bits +- 80 bits is "safe" + - would take decades +- 6 digits passoword - 29 bits (took 4 seconds to brute force) +- + uppercase and numbers - 36 bits \ No newline at end of file
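Review bot: the added line "- 6 digits passoword - 29 bits (took 4 seconds to brute force)" does not agree with the formula added a few lines above it. With A = 10 and L = 6, E = log_2(10^6) is about 20 bits. 29 bits corresponds to 6 lowercase letters (A = 26, about 28.2 bits), which also fits the following line, since 6 characters drawn from lowercase, uppercase and numbers (A = 62) gives about 35.7 bits. Suggest "6 lowercase letters" (or "6 characters") in place of "6 digits", and fix "passoword" and "guesse" in the same pass. The "80 bits is safe" bullet would also be more accurate with a note that E = log_2(A^L) holds only when every character is chosen uniformly at random, so human-chosen passwords fall below the computed value. Minor: writing the formula as $E = L \log_2 A$ with `\log` renders the operator upright, the re-added "- to many accouts" line could have its typos fixed while it is being touched, and the file still ends without a trailing newline.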