How many bits of entropy is considered good for passwords?
I've been reviewing a few with my password manager and many have >100 bits. Many have worse than that.
This is all part of a months-long effort to delete accounts or update to strong passwords.
Do note that this is for an "offline" attack, where the attacker has already obtained a copy of the hash, or the encrypted data with some idea of its format.
It really depends on your threat model.
To keep random script kiddies from an online brute force attack, even a weak password will do as long as it's not one in typical lists, or one you've used before that was leaked in a hack. Fail2ban and the like prevent exhaustive brute force attacks.
To defeat a skilled adversary with cloud or physical access to your files, yeah that's hard, but 128 bits+ of entropy is probably enough.
128 bits if you want it to be long-term safe against a sophisticated attacker.
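To check a password manager's generator settings against the 128-bit figure mentioned in the replies, the sketch below computes the entropy of a randomly generated secret, the minimum length each alphabet needs to reach a target, and the average time for an offline search. It is an added example, not part of any post in the thread; it assumes every symbol is drawn uniformly and independently (so it does not apply to human-chosen passwords), and the guess rate is an assumed figure, not a measurement.

```python
import math

# Constructed generator policies: equally likely symbols per position.
# 7776 is the size of a five-dice Diceware word list.
ALPHABETS = {
    "digits": 10,
    "lowercase": 26,
    "alphanumeric": 62,
    "printable_ascii": 94,
    "diceware_words": 7776,
}

ASSUMED_GUESSES_PER_SECOND = 1e12   # assumption: attacker's offline guess rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `symbols` choices."""
    if symbols < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return length * math.log2(symbols)


def min_length(symbols: int, target_bits: int) -> int:
    """Smallest length whose keyspace is at least 2**target_bits.

    Uses exact integer arithmetic to avoid float rounding at the boundary.
    """
    if symbols < 2 or target_bits < 1:
        raise ValueError("need at least 2 symbols and target_bits >= 1")
    length = 1
    while symbols ** length < 2 ** target_bits:
        length += 1
    return length


def average_offline_years(bits: float, guesses_per_second: float) -> float:
    """Years to search half the keyspace, the expected cost of an offline attack."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for name, symbols in ALPHABETS.items():
        n = min_length(symbols, 128)
        bits = entropy_bits(symbols, n)
        years = average_offline_years(bits, ASSUMED_GUESSES_PER_SECOND)
        print(f"{name:16} length {n:3d} -> {bits:6.1f} bits, ~{years:.1e} years")
```

A slow key-derivation function on the stored hash lowers the attacker's effective guess rate, which the `guesses_per_second` argument lets you model.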