Password Generator
Generate cryptographically secure random passwords.
Why Use a Random Password Generator?
Humans are notoriously bad at creating random passwords. We tend to use patterns, dictionary words, and personal information that attackers can easily guess. A cryptographically secure random password generator creates passwords that are truly unpredictable and resistant to all forms of password attacks.
This generator uses your browser's cryptographic random number generator (crypto.getRandomValues() or Python's secrets module) to ensure each character is selected with genuine randomness—not pseudo-randomness that could be predicted.
What Makes a Password Secure?
Length is the most important factor in password security. Each additional character exponentially increases the number of possible combinations.
- 8 characters: Crackable in hours
- 12 characters: Takes years
- 16+ characters: Virtually uncrackable
Using multiple character types increases the "key space" attackers must search.
- Lowercase only: 26 chars
- + Uppercase: 52 chars
- + Numbers: 62 chars
- + Symbols: 94+ chars
Password Entropy Explained
Entropy measures the randomness of a password in bits. Higher entropy means more possible combinations and greater security. The formula is:
Entropy = log₂(character_pool_size^password_length)
| Password Configuration | Pool Size | 8 chars | 12 chars | 16 chars |
|---|---|---|---|---|
| Lowercase only | 26 | 37.6 bits | 56.4 bits | 75.2 bits |
| Mixed case | 52 | 45.6 bits | 68.4 bits | 91.2 bits |
| Mixed + numbers | 62 | 47.6 bits | 71.5 bits | 95.3 bits |
| All character types | 94 | 52.4 bits | 78.7 bits | 104.9 bits |
- 64+ bits: Minimum recommended for general use
- 80+ bits: Strong security
- 128+ bits: Maximum practical security (overkill for passwords)
How Long to Crack?
Modern password cracking can attempt billions of guesses per second. Here's how long different passwords would take to crack:
| Password Type | Time to Crack (10B guesses/sec) |
|---|---|
| 6 lowercase letters | Less than 1 second |
| 8 lowercase letters | About 20 seconds |
| 8 mixed case + numbers | About 19 hours |
| 12 all character types | About 3,000 years |
| 16 all character types | Longer than universe age |
Passphrase Alternative
While random passwords are secure, they're hard to memorize. An alternative is a passphrase—a sequence of random words:
Example passphrase:
correct-horse-battery-staple
This 28-character passphrase is easier to remember than a random 12-character password but has comparable entropy (~44 bits for 4 common words, more with modifications).
Password Manager Integration
The best way to use strong, unique passwords is with a password manager:
- Generate a unique password for each account
- Store passwords in an encrypted vault
- Use one strong master password to access the vault
- Enable auto-fill for convenience
Recommended Password Managers
- Bitwarden - Open source, free tier
- 1Password - Great UX, family plans
- KeePassXC - Local storage, open source
- Dashlane - Built-in VPN
Features to Look For
- End-to-end encryption
- Cross-platform sync
- Browser extensions
- 2FA support
- Security breach alerts
Special Character Considerations
While special characters increase entropy, some systems have restrictions:
- WiFi passwords: Some routers don't accept certain symbols
- Legacy systems: May have character limitations
- Copy-paste issues: Some special characters may not paste correctly
If you encounter issues, try generating without special characters and compensate with extra length.
Recommended Settings
- Length: 16+ characters
- Uppercase: Enabled
- Lowercase: Enabled
- Numbers: Enabled
- Symbols: Enabled (when supported)
Security Tips
- Never reuse passwords
- Enable 2FA everywhere
- Don't share passwords
- Don't email passwords
- Change after breaches
- Check haveibeenpwned.com
Password Don'ts
- Pet or family names
- Birthdays or anniversaries
- Dictionary words
- Keyboard patterns (qwerty)
- Simple substitutions (p@ssw0rd)
- Sequential numbers (123456)