🔒

Password Generator

Create secure, random passwords. Configure length, uppercase, numbers, and symbols.

Reference

What makes a strong password?

A strong password combines length, character variety, and randomness. Length is the single most important factor — NIST SP 800-63B recommends at least 16 characters for sensitive accounts. Mixing character types (uppercase, lowercase, numbers, symbols) multiplies the number of possible combinations exponentially.

Password entropy

Entropy E = log₂(RL), where R is the character set size and L is the length. A 20-character password using all character types (~94 chars) gives roughly 131 bits of entropy — considered unbreakable with current and near-future technology. The OWASP Authentication Cheat Sheet recommends entropy proportional to your threat model; 128+ bits is the practical gold standard.

Best practices

  • Use at least 16 characters for sensitive accounts (email, banking, work). Longer passwords exponentially raise the cost of cracking.
  • Never reuse passwords across sites. If one service is breached, attackers will test your credentials everywhere else.
  • Store passwords in a password manager (Bitwarden, 1Password, KeePass). You only need to remember one master password.
  • Enable two-factor authentication (2FA) wherever possible — even a leaked password cannot unlock an account protected by a second factor.

Privacy

Passwords are generated 100% in your browser using crypto.getRandomValues() from the Web Crypto API. Nothing is ever sent to a server.

← Back to all tools