
Password Generator

Create strong, random passwords in one click


What Makes a Password Strong?

Password strength is determined by entropy — the number of possible combinations an attacker would need to try. A 12-character password using uppercase, lowercase, numbers, and symbols has approximately 95^12 possible combinations — about 540 billion trillion possibilities. At a trillion guesses per second (the speed of a modern GPU cracking rig), that takes 17,000 years. A 6-character password of only lowercase letters? About 8 seconds.

Length matters more than complexity. A 20-character password using only lowercase letters (26^20 combinations) is stronger than an 8-character password using all character types (95^8). This is counterintuitive to most people because password policies emphasize "must include a symbol" rather than "must be at least 16 characters." Adding symbols only enlarges the set each character is drawn from, while every additional character multiplies the whole possibility space by the size of that set, so it grows exponentially with length.

Why You Should Never Reuse Passwords

When a company gets breached (which happens to major companies several times per year), attackers obtain your email and password for that site. The first thing they do is try that exact combination on every other major site — Gmail, banking, social media, Amazon. This is called credential stuffing, and it is the number one way accounts get compromised. If your Netflix password is the same as your bank password, a Netflix breach becomes a banking breach.

The solution is a unique password for every account. Nobody can remember 200 unique passwords, which is why password managers exist. They store all your passwords in an encrypted vault protected by one master password. You remember one strong password and the manager handles everything else. The major options — 1Password, Bitwarden, Dashlane — cost $0-3 per month and are the single most impactful security improvement most people can make.

Passphrases: The Memorable Alternative

A passphrase like "correct-horse-battery-staple" is both easier to remember and harder to crack than "Tr0ub4dor&3." Four random words from a dictionary of 7,776 words provide 7776^4 = 3.6 trillion combinations — equivalent to a 12-character random password. For your master password or any password you need to type manually, a 4-6 word passphrase is the best balance of security and usability.

How This Generator Works

This generator uses your browser's cryptographic random number generator (crypto.getRandomValues) — the same randomness source used by encryption software and security protocols. No passwords are transmitted, stored, or logged anywhere. The generation happens entirely in your browser. You can verify this by disconnecting from the internet and confirming the generator still works.
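One way to build a password on top of crypto.getRandomValues, shown as an added example and not this site's actual code: it uses rejection sampling so every character of the alphabet is equally likely, which a plain modulo on the random value does not guarantee. The names `randomIndex`, `generatePassword`, `entropyBits` and `PRINTABLE_ASCII` are assumptions made for the example.

```javascript
// Added example: unbiased password generation on top of crypto.getRandomValues.
// Browsers expose Web Crypto as globalThis.crypto; the fallback covers older Node.js.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// The 95 printable ASCII characters (space through "~"), matching the 95^12 figure above.
const PRINTABLE_ASCII = Array.from({ length: 95 }, (_, i) =>
  String.fromCharCode(32 + i)).join("");

// Return a uniformly distributed integer in [0, n).
// A plain `value % n` over-represents low indexes whenever 2^32 is not a
// multiple of n, so values at or above the largest multiple of n are redrawn.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError("n must be an integer between 1 and 2^32");
  }
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, alphabet = PRINTABLE_ASCII) {
  // De-duplicate so a repeated symbol in the alphabet is not favoured.
  const symbols = Array.from(new Set(alphabet));
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("length must be a positive integer");
  }
  if (symbols.length < 2) {
    throw new RangeError("alphabet needs at least two distinct symbols");
  }
  let out = "";
  for (let i = 0; i < length; i++) out += symbols[randomIndex(symbols.length)];
  return out;
}

// Entropy in bits when each character is chosen uniformly and independently.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```

The entropy figure only holds for passwords produced this way; a human-chosen password of the same length and character set has far less.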

How long should my password be?

Minimum 12 characters for any account, 16+ for important accounts (email, banking), 20+ for your password manager master password. Longer is always better. Every additional character multiplies the cracking difficulty exponentially.

Are these passwords truly random?

Yes. This generator uses the Web Crypto API (crypto.getRandomValues), which provides cryptographically secure random numbers. This is the same randomness source used in TLS/SSL encryption. The passwords are generated entirely in your browser — nothing is sent to any server.

Should I use a password manager?

Absolutely. A password manager is the single best security investment you can make. It generates unique passwords for every account, stores them encrypted, and auto-fills them when you log in. 1Password, Bitwarden (free), and Dashlane are all excellent choices.
