What Makes This Password Generator Secure?
Every password comes from your browser's cryptographic random number generator (crypto.getRandomValues) — the same source of randomness that password managers and encryption libraries rely on. The generator uses rejection sampling so every character in the pool is exactly equally likely, with none of the subtle bias that naive implementations introduce.
Just as important: generation happens entirely on your device. The password is never sent to a server, never logged, and never stored — it exists only on your screen and, when you press Copy, in your clipboard.
How to Create a Strong Password
- Choose a length— 16 characters is a strong default; go longer for email, banking, and your password manager's master password.
- Keep all character sets on when the site allows it: lowercase, uppercase, numbers, and symbols maximize the pool an attacker must search.
- Generate and copy— the strength meter shows the entropy of your settings in bits; aim for "Strong" or better.
- Store it in a password manager — a unique random password per account is the single biggest upgrade to your personal security.
Why Random Beats Memorable
Human-invented passwords follow patterns — dictionary words, birthdays, keyboard walks, predictable substitutions like "a" → "@" — and cracking software tries exactly those patterns first, testing billions of candidates per second against leaked password databases. A uniformly random 16-character password has no pattern to exploit: an attacker's only option is brute force across the entire space, which at ~100 bits of entropy is computationally out of reach.
Password Hygiene Beyond Generation
- Never reuse passwords — one breached site should never unlock another.
- Turn on two-factor authentication wherever it is offered; it protects you even if a password leaks.
- Change passwords after a breach notification, not on an arbitrary schedule — forced rotation tends to produce weaker, patterned passwords.
- Watch out for phishing — the strongest password in the world does not help if it is typed into a fake login page.
How Strong Is a Password of Each Length?
Entropy grows linearly with length, but the attacker's work doubles with every added bit — so each extra character multiplies cracking time by ~94. With all four character sets enabled:
