Security

Password Generator

Generate strong, random passwords with custom options. Instant and 100% private.

16
664

What makes a password actually strong?

Forget the old advice about substituting a with @ or sticking a number on the end of your dog's name. Modern password strength comes from two things and two things only: length and randomness.

Length beats complexity

A random 16-character password is more secure than an 8-character password with every symbol type. Each extra character multiplies the search space exponentially — the math overwhelmingly favors longer over fancier.

Time to crack — by length

8 chars12 chars★ Recommended16 chars20+ chars
Estimated crack timeMinutes to hoursCenturiesEffectively neverCosmic timescales
Strength ratingWeakGoodStrongVery strong
Use forDon'tLow-stakes accountsEverythingHigh-security (banking, email)

Estimates based on a modern GPU array attempting offline brute force. Online attacks are far slower thanks to rate limits.

The 3 password rules that actually matter

  • 16+ characters minimum. 20+ for email and banking. The 8-character era is over.
  • Unique per site. If one site gets breached, attackers try the same password everywhere else. Reuse turns one breach into ten.
  • Use a password manager. Bitwarden (free, open source), 1Password (paid, very polished), or your browser's built-in one. Stop trying to memorize.

The only password you should memorize

Your password manager's master password. Make it a long passphrase — four random words, ~25 characters. Easy for you to remember, impossible to brute force.

FAQ

Are these passwords stored anywhere?

+

No. They're generated in your browser and never sent or logged. Refresh the page and they're gone forever. Save them in a password manager immediately.

Should I include symbols?

+

Yes when allowed — they expand the character space. But length always matters more. A 20-character letters-only password is stronger than a 12-character "complex" one.

What's the safest way to share a password with a coworker?

+

Use a password manager that supports sharing (Bitwarden, 1Password). Never email, Slack, or text a password — those channels often archive forever.

Should I change passwords regularly?

+

Modern NIST guidance: no. Forced rotation leads to weaker passwords (people append numbers). Change only when you have a reason — a breach notification, suspicious activity, or a known reuse.

Keep exploring

Related tools

Browse all 38+ tools