Security

Password Generator

Generate a secure, random password instantly

16

What actually makes a password strong

A strong password is one that is hard to guess, and the maths behind that is called entropy - a measure, in bits, of how many possibilities an attacker would have to try. The more bits, the longer a crack takes. Two things drive entropy: how many different characters you draw from, and crucially, how long the password is.

entropy (bits) = length × log2(size of character set)

8 random characters, full keyboard  ≈ 52 bits
16 random characters, full keyboard ≈ 105 bits

Length beats cleverness

Notice in the example that doubling the length roughly doubled the entropy. Adding symbols helps, but each extra character you add multiplies the difficulty far more than swapping an "a" for an "@". This is why a long, fully random password is dramatically stronger than a short "complex" one - and why this generator defaults to generous lengths.

Random is the whole point

Strength assumes the characters are genuinely random. The moment a password contains a real word, a name, a date or a keyboard pattern like "qwerty", attackers exploit it with dictionaries and rules and the effective entropy collapses. A machine-generated string has none of those weaknesses.

Use a manager, and never reuse

A long random password is impossible to remember - and that is fine. Store it in a password manager and let it generate a unique one for every account, so a breach of one site can never unlock the others. This tool generates every password locally in your browser; nothing you create here is ever transmitted to or logged on a server.

More Security Tools