Password Generator
Generate strong, random passwords with custom length, uppercase letters, numbers and symbols. Generated in the browser — no data leaves your device.
What is a strong password?
A strong password should have at least 12 characters and combine uppercase letters, lowercase letters, numbers and special symbols. Avoid dictionary words, birth dates, proper names or predictable sequences like "123456" or "qwerty".
The longer and more random, the better: a 16-character password with all character types would take centuries to crack by brute force. Use unique passwords for each service and store them in a password manager.
This tool generates random passwords directly in your browser, using the crypto.getRandomValues API — no data is transmitted or stored on external servers.
Password security in depth: entropy, attacks and defenses
Entropy: measuring strength in bits
Entropy is the mathematical measure of how unpredictable a password is, expressed in bits. The formula is E = log2(R^L), where R is the size of the character pool and L is the length. Each additional bit doubles the number of possible combinations an attacker must try.
Practical benchmarks for truly random passwords:
- Under 35 bits: weak — defeated by online guessing or modest offline attacks.
- 36 to 59 bits: moderate — acceptable only when paired with rate limiting and MFA.
- 60 to 79 bits: strong — appropriate for general consumer accounts.
- 80 bits and above: very strong — recommended for password vaults, recovery seeds and admin accounts.
A 12-character password using the full 94-symbol printable ASCII set yields roughly 78 bits of entropy. Extend it to 16 characters and you reach about 105 bits — outside the range of any realistic brute-force attack against a properly salted hash.
Attack types you must defend against
- Brute force: trying every possible combination. Effective only against short or low-entropy secrets.
- Dictionary attacks: testing wordlists, leaked passwords and common substitutions (P@ssw0rd, summer2025). Devastating against human-chosen passwords.
- Credential stuffing: automated login attempts using credentials leaked from other breaches. The reason password reuse is catastrophic.
- Rainbow tables: precomputed hash-to-plaintext lookup tables. Defeated by per-user salt, but still relevant against legacy unsalted MD5/SHA-1 dumps.
- Phishing: tricks the user into typing the password into a fake site. No password length protects against this — only MFA and passkeys do.
How fast can a GPU crack a hash?
A modern GPU rig can compute on the order of 10 billion SHA-256 hashes per second, and 2025 benchmarks (RTX 5090 stacks) push that even further. Crucially, the cost depends on the hashing algorithm used by the service:
- Fast hashes (MD5, SHA-1, unsalted SHA-256): an 8-character random password falls in minutes; a 12-character random one still falls in days to weeks.
- Slow KDFs (bcrypt, scrypt, Argon2id): the same hardware drops to a few thousand attempts per second, so even a 10-character password resists offline attack for years.
The defender controls the hashing algorithm; the user controls only the length. That is why length is the single most important variable — a 16-character random password is effectively uncrackable today, regardless of what hash the service uses.
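The entropy formula and the hash-rate comparison above can be turned into a small calculator. The following is an added example, not code from the tool on this page: it computes E = L * log2(R), assigns the strength bands listed earlier, and estimates how long an attacker needs at two assumed guess rates (10^10 per second for a fast hash, and 5,000 per second standing in for "a few thousand" against a slow KDF). The rates are the only assumptions; change them to match your own threat model.

```javascript
// Added example, not the tool's own code: entropy in bits for a uniformly
// random secret, the strength bands listed above, and the time an attacker
// needs to search the key space at an assumed guess rate.

// E = log2(R^L) = L * log2(R); the second form avoids computing R^L itself.
function entropyBits(poolSize, length) {
  if (poolSize < 2 || length < 1) return 0;
  return length * Math.log2(poolSize);
}

// Strength bands as given on the page (the 35/36 boundary is taken as 36).
function strengthBand(bits) {
  if (bits < 36) return 'weak';
  if (bits < 60) return 'moderate';
  if (bits < 80) return 'strong';
  return 'very strong';
}

// Seconds to try every one of the 2^bits candidates at guessesPerSecond.
// On average a secret falls after half of the space has been searched.
function secondsToExhaust(bits, guessesPerSecond) {
  return Math.pow(2, bits) / guessesPerSecond;
}

function humanDuration(seconds) {
  const units = [
    ['years', 365.25 * 86400],
    ['days', 86400],
    ['hours', 3600],
    ['minutes', 60],
    ['seconds', 1],
  ];
  for (const [name, size] of units) {
    if (seconds >= size) return `${(seconds / size).toPrecision(3)} ${name}`;
  }
  return 'under a second';
}

// Assumed attacker rates for the comparison: the page's ~10^10 fast hashes
// per second, and "a few thousand" per second for a slow KDF (5,000 here).
const FAST_HASH_RATE = 1e10;
const SLOW_KDF_RATE = 5e3;

// Report for a random password of `length` symbols drawn from `poolSize` symbols.
function report(poolSize, length) {
  const bits = entropyBits(poolSize, length);
  return {
    bits: Math.round(bits * 10) / 10,
    band: strengthBand(bits),
    averageFastHash: humanDuration(secondsToExhaust(bits, FAST_HASH_RATE) / 2),
    averageSlowKdf: humanDuration(secondsToExhaust(bits, SLOW_KDF_RATE) / 2),
  };
}

// Compare the page's two benchmark lengths on the 94-symbol printable set.
for (const len of [12, 16]) console.log(len, report(94, len));
```

Running it with `report(2000, 4)` reproduces the passphrase figure further down the page (about 44 bits, "moderate"); the slow-KDF column is what a service's choice of bcrypt, scrypt or Argon2id buys its users.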
NIST SP 800-63B: modern guidelines
The 2017 NIST guidelines (with revision 4 published in 2025) overturned decades of bad advice. The most important rules:
- Length is paramount: at least 15 characters for single-factor authentication, with support for up to 64.
- No mandatory complexity rules — no forced mix of upper/lower/digit/symbol.
- No periodic expiration — passwords change only on evidence of compromise.
- No knowledge-based security questions (mother's maiden name, first pet) — they are weaker than the password itself.
- Verifiers must screen new passwords against a blocklist of breached and common secrets.
- Allow paste and password manager autofill; allow all printable Unicode characters and spaces.
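As an added example, not code from this page, here is what a verifier-side check following the rules above looks like: a length window of 15 to 64 characters counted in Unicode code points, no composition rules, spaces and all printable Unicode allowed, and a screen against a blocklist. The blocklist here is a constructed handful of strings; a real deployment would load a breach corpus. The NFKC normalization before comparison is an assumption of this example.

```javascript
// Added example, not the page's own code: a NIST SP 800-63B style password
// acceptance check for a verifier.

// Constructed blocklist for illustration; real deployments screen against a
// breach corpus such as the Pwned Passwords set.
const BLOCKLIST = new Set([
  'password', '123456', 'qwerty', 'summer2025', 'p@ssw0rd',
  'correct horse battery staple',
]);

const MIN_LENGTH = 15; // page: at least 15 characters for single-factor auth
const MAX_LENGTH = 64; // page: support up to 64

function validatePassword(candidate, opts = {}) {
  const { blocklist = BLOCKLIST, minLength = MIN_LENGTH, maxLength = MAX_LENGTH } = opts;
  const reasons = [];

  // Normalize first (assumption: NFKC) so visually identical Unicode forms are
  // treated alike, then count code points rather than UTF-16 units, so an
  // emoji or an accented letter counts as one character.
  const normalized = candidate.normalize('NFKC');
  const length = [...normalized].length;
  if (length < minLength) reasons.push(`shorter than ${minLength} characters`);
  if (length > maxLength) reasons.push(`longer than ${maxLength} characters`);

  // Blocklist screening, case-insensitive. No upper/lower/digit/symbol rules.
  if (blocklist.has(normalized.toLowerCase())) {
    reasons.push('appears on the breached/common password blocklist');
  }

  // Spaces and all printable Unicode are accepted; only control characters
  // (which usually indicate a paste or encoding accident) are rejected.
  if (/\p{Cc}/u.test(normalized)) reasons.push('contains control characters');

  return { ok: reasons.length === 0, length, reasons };
}

console.log(validatePassword('Summer2025!'));
console.log(validatePassword('correct horse battery staple xkcd'));
```

Note that a long passphrase that happens to be on the blocklist is still rejected: length alone does not rescue a secret an attacker already has in a wordlist.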
Passphrases: the xkcd 936 model
Randall Munroe's xkcd 936 popularized the diceware-style passphrase: four random common words joined together, such as correct-horse-battery-staple. With a 2000-word list, four words give roughly 44 bits of entropy — strong enough for an MFA-protected account but borderline for a master password. Add a fifth or sixth word and you cross 55–65 bits while remaining memorable. The trick: the words must be chosen by a random process, not by you.
Password managers: why you should trust one
A password manager generates and stores a unique long random password for every site, so you only have to remember one strong master password. Vault contents are encrypted with a key derived from your master via a slow KDF (Argon2 or PBKDF2 with hundreds of thousands of iterations), so even if the vault file leaks the attacker cannot brute-force it.
- Bitwarden: open source, free tier covers unlimited devices and items, optional self-hosting.
- 1Password: polished UX, Secret Key + master password design, regional data residency, audited.
- KeePass / KeePassXC: fully offline, file-based vault, no cloud, maximum control but you handle sync.
- Built-in (Apple Passwords, Google Password Manager): free, integrated with the OS, fine for low-risk accounts.
MFA and passkeys: beyond the password
A second factor turns a stolen password into a useless string. From weakest to strongest:
- SMS codes: vulnerable to SIM swap and SS7 attacks — use only when nothing else is offered.
- TOTP apps (Google Authenticator, Authy, 2FAS): RFC 6238 time-based codes, phishing-resistant only if the user notices the URL.
- Hardware security keys (YubiKey, Titan): FIDO2/U2F, phishing-resistant by design.
- Passkeys (WebAuthn): replace the password entirely with a device-bound keypair, synced across your devices via the OS keychain. The phishing window closes because the browser checks the origin before signing.
Have I Been Pwned: check leaks without leaking
Troy Hunt's Pwned Passwords service lets you verify if a password has appeared in any public breach. Privacy is preserved via k-anonymity: your browser computes SHA-1(password) and sends only the first 5 hex characters to api.pwnedpasswords.com/range/{prefix}. The server replies with around 800 hash suffixes that share that prefix; the client checks locally whether the remaining 35 characters appear in the list. The full hash never leaves your device.
FAQ
Is a 12-character password enough? If truly random and unique per site, yes — about 78 bits of entropy, well beyond any practical offline attack against a salted hash. For master passwords and crypto wallets, prefer 16+ characters or a 5–6 word passphrase.
Should I rotate passwords every 90 days? No. NIST explicitly forbids forced periodic rotation: it drives users toward predictable variants (Summer2025! → Autumn2025!). Rotate only when there is evidence of compromise.
Are symbols really necessary? Not strictly. Length matters more than character variety. A 20-character lowercase passphrase is stronger than a 10-character one full of symbols. Use symbols when the site enforces them.
Is it safe to let the browser save passwords? Modern browser managers (Chrome, Safari, Firefox) encrypt the vault with your OS account credentials and now support passkey sync. Safe for low-stakes accounts; for banking and email prefer a dedicated manager with its own master password.
What if I cannot remember a long master password? Use a 5–7 word diceware passphrase: it has high entropy and is easier to recall than a random string. Write it down on paper, store it in a safe at home, and never store it digitally outside the vault itself.
Why generate your password here
Most compromised accounts don't fall to some clever hack. They fall to passwords that are short, recycled across sites or simple to guess. A generator goes after the root of it. Rather than dreaming up one more spin on "john123", it builds a genuinely random string, with no pattern a person or a brute-force tool could anticipate.
You pick the length and tick the character sets that belong in the mix: uppercase, lowercase, numbers, symbols. For the accounts that really matter, like your main email and your bank, go past 16 characters and switch everything on. A password you type by hand now and then can run a bit shorter, as long as it stays random.
Generation happens locally through your device's own cryptographic API, so no password crosses the internet or lands on a server. Close the tab and it's gone. Combine it with a solid password manager and there's nothing left for you to memorise.