100% local. Nothing leaves your browser.

Password Generator

Generate strong passwords, analyze entropy, and understand how long they would resist different levels of computational power.

-- --

Settings

Length 20

✓ Uppercase (A-Z) ✓ Lowercase (a-z) ✓ Numbers (0-9) ✓ Symbols (!@#$...) ✓ Exclude ambiguous characters (0, O, l, 1, I)

Strength Criteria

12+ characters

✓ Uppercase letters

✓ Lowercase letters

✓ Numbers

✓ Symbols

✓ 60+ bits of entropy

How Long Your Password Stays Safe Educational estimates

Generate Multiple

Check Your Own Password

Your password is analyzed locally in your browser. Nothing is sent to any server.

Learn About Password Security

What makes a password strong?

Password strength comes from unpredictability, measured in bits of entropy. A password with 80 bits of entropy has 2^80 possible combinations that an attacker would need to try.

Two factors determine entropy: the size of the character set (how many possible characters per position) and the length (how many positions). The formula is: entropy = length x log2(charset_size).

For example, a 16-character password using all 95 printable ASCII characters has about 105 bits of entropy. That is approximately 40 trillion trillion combinations.

Why length matters more than complexity

Adding one more character to your password multiplies the total combinations by the charset size. Adding one more character type only adds a smaller amount.

Consider: a 12-character password with only lowercase letters (26 chars) has 26^12 = 95 trillion combinations. An 8-character password using all 95 printable characters has 95^8 = 6.6 trillion combinations. The simpler but longer password is actually harder to guess.

This is why passphrases (4-6 random words) are both easier to remember and often stronger than short complex passwords. A 5-word passphrase from a 1,000-word list yields 1000^5 = 1 quadrillion combinations.

Use a password manager

The most effective password strategy is to use a unique, strong password for every account and store them in a password manager. You only need to remember one master password.

Reputable password managers include 1Password, Bitwarden, and KeePassXC. They generate, store, and auto-fill passwords across all your devices, so you never need to reuse a password or write one down.

Even the best password is useless if you reuse it across multiple accounts. A breach at one service exposes every account that shares that password.

Common password patterns to avoid

Dictionary words: Attackers run dictionary attacks first, trying common words and names before random combinations.

Simple substitutions: Replacing "a" with "@" or "o" with "0" is well-known. Attackers test these substitution patterns automatically.

Keyboard patterns: Sequences like "qwerty," "123456," and "asdfgh" appear in every leaked password database.

Personal information: Names, birthdays, addresses, and pet names are easily discovered through social media.

Short passwords: Any password under 10 characters can be tested exhaustively in minutes to hours with modern hardware, regardless of complexity.

Quick Presets

Related Tools

100% free. No tracking. No data stored. Built by WellerDeveler.