Password Generator

Password strength is primarily a function of two factors: length and character-set size. A password's entropy is measured in bits: entropy = length × log₂(charset_size).

• 12 characters, mixed case + numbers + symbols — ~79 bits. Acceptable for most accounts.
• 16 characters, mixed case + numbers + symbols — ~105 bits. Strong. Recommended default.
• 24+ characters, all classes — ≥157 bits. Effectively uncrackable with current hardware.

Length gains entropy faster than adding more character classes. A 20-character lowercase-only password is stronger than a 10-character password with every class enabled.

Passphrases combine random dictionary words into a memorable string like correct-horse-battery-staple. A 4-word passphrase from a 100-word list gives roughly 26 bits of entropy, while a 6-word phrase from a 7,776-word Diceware list exceeds 77 bits — more than enough for most uses, and far easier to remember and type than a random character string.

Use passphrases for accounts you type manually (Wi-Fi passwords, disk encryption, password manager master password). Use random character passwords for everything stored in your password manager.

Never write passwords in a plain-text file or spreadsheet. Use a password manager — they store your credentials in an encrypted vault and fill them automatically:

• Bitwarden — open-source, free tier, self-hostable.
• 1Password — polished UX, family/team plans.
• KeePassXC — local-only, no cloud, maximum control.

This generator runs entirely client-side. No passwords are transmitted to any server or stored anywhere beyond your clipboard.

The strength meter above calculates entropy as n × log₂(pool) where n is the password length and pool is the total number of characters in the enabled classes (26 uppercase + 26 lowercase + 10 digits + ~32 symbols = 94 with all classes). It then estimates crack time assuming 100 billion guesses per second — a realistic figure for offline attacks against a bcrypt-hashed password on dedicated GPU hardware.