Secure Password Generator

Weak Average Strong
16
Security Tips
  • Use at least 12 characters
  • Mix character types
  • Unique password per account
  • Use a password manager

What Makes a Generated Password Strong

Strength is entropy: a random 16-character password over the full printable character set carries roughly 105 bits, which no offline attack touches. The generator uses the browser's CSPRNG (crypto.getRandomValues), so output is unpredictable and never leaves your machine. What those bit counts actually mean against real cracking hardware is worked through in password security and entropy.

Generated randomness belongs in a password manager. For the handful of secrets you must hold in your head - the manager's master password, disk encryption - a diceware passphrase reaches comparable strength in a form memory can keep; the trade-offs are compared directly in password generator vs passphrase.

Password Questions

Length matters most. A 16-character random password is vastly stronger than an 8-character one, even without special characters. Mix in uppercase, lowercase, numbers, and symbols for good measure. And never reuse passwords - that's where most breaches come from.

16+ characters for anything important. 12 is okay for less critical stuff. For your email or password manager master password? Go 20+. Each extra character makes brute-forcing exponentially harder.

They help, but length helps more. If a site requires them, include them. If they cause issues (some systems are picky), just make the password longer instead. A 20-char alphanumeric password beats a 10-char one with symbols.

Yes. The passwords are generated in your browser using Web Crypto API - the same secure randomness browsers use for TLS. Open DevTools and check the Network tab if you want proof nothing leaves your machine.

You're not. Use a password manager - Bitwarden, 1Password, KeePass, whatever works for you. Memorize one strong master password, let the manager handle the rest.