How long should a password be?

At least 12, ideally 16+. Each extra character drastically multiplies brute-force time.

Are passwords sent anywhere?

No. Generation happens fully in your browser via crypto.getRandomValues, a secure source.

What does entropy in bits mean?

It measures unpredictability. 60 bits = acceptable, 80 = strong, 100+ = very strong. Formula: log₂(pool size) × length.

Should I change passwords regularly?

Only on suspected leak. Forced rotations every 3 months are now discouraged by security agencies — they push users toward weaker passwords.

Generators

Password generator

Generate a strong random password. Adjust length, pick character sets, see strength updated live.

Length 16

Password

How to use this tool

A good password is at least 14 characters long, combines upper, lower, digits and symbols, and is used for only one account. This tool uses the browser's cryptographic API (Web Crypto): even knowing the code, it's unpredictable. Nothing is sent over the network — generation is local. Use a password manager (Bitwarden, 1Password, KeePass) to store them securely.

Concrete examples

12 alphanumeric chars: decent baseline
16+ chars with symbols: very strong (80+ bits entropy)
24 chars without symbols: strong and easy to type

Frequently asked questions

How long should a password be?: At least 12, ideally 16+. Each extra character drastically multiplies brute-force time.
Are passwords sent anywhere?: No. Generation happens fully in your browser via crypto.getRandomValues, a secure source.
What does entropy in bits mean?: It measures unpredictability. 60 bits = acceptable, 80 = strong, 100+ = very strong. Formula: log₂(pool size) × length.
Should I change passwords regularly?: Only on suspected leak. Forced rotations every 3 months are now discouraged by security agencies — they push users toward weaker passwords.