Online Tools
Simulators

Password Generator

Generate secure passwords with options

password generatorstrong passwordrandom passwordsecure password
16 characters
Password strength
Estimate based on your settings
Strong
Entropy89 bitsAlphabet = 48
PhQaAgh49asirAAs
U7EKXVXfK9EWEaUv
TyPkpyEJU9rCmtz3
XMyv4bWakKwkPP7D
Yy4QChQh9jEaadYj
NTjznpuxUVF4gLsk

Examples and real-life use cases

  • Create a strong password for a new online account.
  • Generate passphrases with mixed characters for better security.
  • Quickly refresh a compromised password.

FAQ

Are passwords stored?
No, generation happens locally in your browser.
What length is recommended?
At least 12–16 characters with a mix of types is recommended.

Password generator: complete guide, entropy and best practices

A strong password relies on two levers: length and character diversity. This tool generates passwords locally in your browser, estimates entropy, and lets you export batches to compare options. Below is a detailed guide on how it works, the formulas used, and the limits you should be aware of.

How the tool works

  • Pick a length between 6 and 64 and choose which character families to include (lowercase, uppercase, digits, symbols).
  • Generation is random and fully local; no password is sent to a server.
  • The strength bar and entropy estimate update in real time based on your settings.
  • You can copy the password, regenerate instantly and export a CSV batch to compare options.

Possible methods

  • Random mix of characters chosen uniformly from the selected set; simple and effective.
  • Passphrase several common words separated by delimiters; more memorable at similar entropy.
  • Hybrid passphrase + substitutions (digits/symbols) to expand the search space.

Entropy: model and estimation

The entropy (bits) of a uniformly drawn password is approximated by E = L × log2(N), where L is length and N is the effective character set size. Higher E means costlier brute‑force. This approximation ignores human biases (patterns, dictionary words).

Visualization: estimated entropy (bits) vs length for the selected character set.

Indicative strength scale

EntropyQuality
< 40 bitsWeak (throwaway use only)
40–60 bitsMedium (low‑sensitivity accounts)
60–80 bitsGood (recommended general use)
> 80 bitsHigh (sensitive/long‑term accounts)

Practical tips

  • Length first: aim 12–16+ for typical accounts; 20+ for critical access.
  • Password manager: use a reputable manager to store and auto‑fill.
  • Unique per service: never reuse a password across sites.
  • 2FA: enable two‑factor authentication when available (TOTP, FIDO2 key).
  • Passphrase: for a master secret you must remember, prefer a long, memorable passphrase.
  • Tables & export: generate a CSV batch to compare length vs entropy and pick a compromise.

Limits and responsibility

Entropy estimates assume uniform, independent draws. Human patterns, dictionary words or predictable substitutions drastically reduce real security. Results are indicative; for regulated environments, complement with internal policies (KDF, rotation, MFA).

New features

  • Passphrase mode (simplified Diceware) with separator and word count.
  • Pronounceable mode (CVC patterns) for memorable secrets.
  • Secure random via Crypto API, with a pseudo‑random demo switch.
  • Exclude ambiguous characters and enforce inclusion rules (1 of each type).
  • 6 passwords generated by default on each run.