Password Generator
Generate strong, secure random passwords with custom length and character sets.
What makes a password strong?
Password strength is determined by entropy β the mathematical measure of unpredictability. A password with more possible combinations takes exponentially longer to crack by brute force. Length is the single biggest factor: each additional character multiplies the number of possible combinations by the size of the character set. A 16-character random password from a 95-character set has more entropy than any human-chosen phrase.
Entropy = logβ(charset_size^length)
Example with 94-character set (uppercase + lowercase + digits + symbols):
8 chars: logβ(94βΈ) = 52.4 bits β crackable in hours (modern GPUs)
12 chars: logβ(94ΒΉΒ²) = 78.6 bits β centuries to crack by brute force
16 chars: logβ(94ΒΉβΆ) = 104.9 bits β beyond practical brute-force
Rule of thumb: aim for β₯ 72 bits of entropy for important accountsPassword cracking: how attackers work
Password security best practices
- Use a password manager. 1Password, Bitwarden, and Dashlane generate and store unique strong passwords for every site. You only remember one master password.
- Never reuse passwords. If one site is breached, credential stuffing attacks immediately test your password on every other site. Unique passwords limit breach damage to one account.
- Enable two-factor authentication (2FA). Even a weak password becomes dramatically harder to exploit when TOTP codes or hardware keys are also required.
- Length beats complexity for memorised passwords. "correct-horse-battery-staple" (a random 4-word passphrase) has more entropy than "P@ssw0rd!" and is far more memorable.
Frequently asked questions
How long should my password be?
At least 12β16 characters. Length adds more security than complexity β each extra character exponentially increases the time needed to crack it.
Are these passwords stored anywhere?
No. They are generated in your browser using random values and are never transmitted or saved by this site.
What makes a password strong?
High entropy β a long, random mix of upper- and lowercase letters, digits and symbols, and a different password for every account.
Should I use a password manager?
Yes. A password manager generates and stores a unique strong password for every site, so you only need to remember one master password.
Generates cryptographically random passwords using browser-native Math.random. Choose the length and which character sets to include. Longer passwords with all character types are exponentially harder to crack.
Characters selected randomly from chosen sets. 16-char password with all sets = ~10Β²βΆ combinations.