How to Generate Strong Passwords
A weak password is the single most exploited vulnerability on the consumer internet. Year after year, the breach corpora released by attackers show the same handful of strings at the top: "123456," "password," "qwerty," "admin." If any of your accounts share that DNA, they are already sitting on a wordlist running in a botnet somewhere. A strong password is the cheapest, fastest defence you can deploy, and a few seconds with a generator beats anything a human brain produces under pressure.
A short history of computer passwords
Computer passwords date to 1961, when Fernando Corbató's team at MIT introduced them for the Compatible Time-Sharing System (CTSS), allowing many users to share one mainframe while keeping their files private. The system had its first breach in 1962 when PhD student Allan Scherr printed out the master password file to grab more compute time than his weekly four-hour quota allowed. The lesson, that storing secrets in the clear next to the accounts they protect is a bad idea, took the field nearly twenty years to fully absorb.
In 1979, Robert Morris and Ken Thompson published "Password Security: A Case History" and shipped salted DES hashing in Unix Version 7: a 12-bit random salt plus 25 iterations of DES turned the password file from a one-shot trophy into a moderately expensive brute-force target. Rainbow tables, Alec Muffett's "Crack" (1991), and ever-faster GPUs eventually overwhelmed those defences, and the field moved to deliberately slow hash functions: bcrypt (1999), scrypt (2009), and Argon2 (2015, the current PHC winner).
The user-facing side of password advice moved more slowly. NIST's 2003 guidelines (written largely by Bill Burr) recommended forced periodic rotation and mandatory character-class mixing, advice that became the corporate default for fifteen years. Burr himself disavowed those rules in a 2017 interview. The same year, NIST SP 800-63B Revision 3 formally dropped both periodic rotation and composition rules, replacing them with two simpler ideas: prefer long memorised secrets, and check candidate passwords against breach corpora before accepting them.
What makes a password strong
A password's resistance to guessing reduces to one quantity: entropy, measured in bits. Each bit doubles the search space. A 4-digit PIN has about 13 bits of entropy (10,000 combinations). A 16-character lowercase-only string has about 75 bits. A 16-character mixed-case + digits + symbols string has about 105 bits. At 100 GH/s, which a high-end consumer GPU can hit against fast salted hashes, 50 bits falls in days, 70 bits in millennia.
Two practical implications follow.
Length dominates complexity. Adding one character drawn from a 70-symbol alphabet multiplies the search space by 70, roughly the same as adding 6.1 bits. Adding one rule of composition (say, mixing case at constant length) only doubles the search space, one extra bit. Twelve random lowercase characters beat eight mixed-case + symbol characters every time.
Randomness is non-negotiable. A 20-character string built from English words is not 130 bits of entropy; against a serious attacker it might be 40, because cracking tools run wordlists plus mangling rules, not blind brute force. Generated passwords give you full entropy per character. Human-chosen passwords almost never do.
How a password generator works
A browser-based generator uses crypto.getRandomValues(), the platform's cryptographically secure random number generator (CSPRNG), backed by the operating system's entropy pool. It is the same source used to derive TLS session keys and AES initialisation vectors. The much older Math.random() is not cryptographically secure and must never be used for passwords or any other security purpose.
You choose three things:
- Length in characters
- Character classes to include (lowercase, uppercase, digits, symbols)
- Optional exclusions for visually-ambiguous characters (
l,1,I,O,0) when the password must be read aloud or transcribed by hand
The generator then samples uniformly from the chosen alphabet until the requested length is reached, with no bias and no patterns.
How to generate a strong password
- Decide the length. Twelve characters is a reasonable floor for new accounts, 16 to 20 for accounts that hold money or secrets, 25 or more for master passwords and root credentials.
- Enable all character classes unless the site rejects symbols. Hidden composition rules cost a few bits of entropy and you may as well include the harder-to-guess characters when a manager fills the field for you anyway.
- Generate, then audit. Most generators show the entropy estimate; aim for at least 80 bits for ordinary accounts, 100 or more for high-value.
- Save to a password manager before pasting. Closing the tab loses the password forever if it is not stored first. This is the single most common own-goal.
- Test the login round-trip. A small but real fraction of sites silently truncate passwords at 16, 20, or 32 characters, or strip certain symbols server-side. Log out and back in once to confirm what was actually accepted.
Length, alphabet, and entropy at a glance
| Length | Alphabet | Combinations | Entropy (bits) |
|---|---|---|---|
| 8 | lowercase only (26) | 2.1 × 10^11 | 38 |
| 12 | lowercase + digit (36) | 4.7 × 10^18 | 62 |
| 16 | mixed-case + digit (62) | 4.8 × 10^28 | 95 |
| 20 | mixed-case + digit + 32 symbols | 4.5 × 10^37 | 125 |
| 25 | full keyboard (about 94) | 2.0 × 10^49 | 164 |
Anything below 64 bits is brittle against a determined offline attacker. Anything above 100 bits is comfortably future-proof for the next decade against classical hardware. Quantum attacks halve effective entropy via Grover's algorithm, so 100 classical bits gives 50 post-quantum bits, still well above any practical threat.
Passphrases as an alternative
For the small set of passwords you actually need to remember (your password manager's master password, a device unlock, an emergency recovery code), a passphrase beats a random string on memorability without sacrificing security. The classic recipe is Diceware, invented by Arnold Reinhold in 1995: roll five physical dice, look up the five-digit number in a 7,776-entry wordlist (7,776 = 6^5), repeat for the number of words you want. Each word adds about 12.9 bits of entropy, so a six-word phrase such as correct horse battery staple cargo lumen gives roughly 77 bits, equivalent to a random 13-character mixed-case + digit string.
In 2016 the Electronic Frontier Foundation published refreshed Diceware-style wordlists with longer, more memorable words (average 7 characters versus Reinhold's 4.3), still 7,776 entries, still the same entropy per word, easier to type and to dictate over the phone. Either list works.
The single mistake that destroys passphrase security is to pick the words yourself rather than roll dice. Humans cluster around 1,000 to 2,000 common nouns and verbs, so a self-invented six-word phrase often carries closer to 60 bits of effective entropy and is sometimes outright in the cracker's wordlist (correct horse battery staple itself, popularised by the xkcd comic, is now in every modern dictionary attack).
Tips for better passwords
- Use a different password for every account. Reuse is the single highest-yield attack vector; one breached site exposes every other account that shared the credential.
- Generate, never invent. Brains are bad at randomness; computers are very good at it. Outsource the work.
- Aim long, not clever. Twenty characters from
crypto.getRandomValuesbeats any pattern you can devise. - Paste in bulk, never type. Typing a 20-character random string invites typos and shoulder-surfing alike; let the password manager fill the field.
- Audit existing passwords against breach corpora. haveibeenpwned.com's Pwned Passwords API checks any password against around 850 million leaked hashes using a k-anonymity protocol that never sends the full password.
- Rotate only on signal, not on schedule. Forced 90-day rotation pushes users into predictable patterns like
Spring2026!thenSummer2026!. Current NIST guidance is to rotate only when compromise is suspected. - Disable or randomise security questions. "Mother's maiden name" is searchable on most genealogy sites; treat the answers as alternate passwords and store random strings in your manager.
- Use the autofill, and verify the domain. A password manager that refuses to fill on a lookalike domain just blocked a phishing attempt for free.
Common mistakes
- Reusing passwords. Credential-stuffing attacks try leaked email/password pairs against thousands of sites; one reused password is a complete account compromise.
- Personal information. Pet names, birthdays, kids' names, addresses, school mascots, all easily harvested from social media.
- Simple substitutions.
P@ssw0rdandPa55wordare in every wordlist; cracking tools applyato@,oto0,sto$as default mangling rules. - Short passwords. Anything under 10 characters against salted SHA-256 on consumer hardware falls in hours, sometimes minutes.
- Keyboard walks and sequences.
qwertyuiop,1qaz2wsx,asdfghjkl,abcd1234are tried in the first thousand attempts. - Storing in plaintext. Sticky notes,
passwords.txt, browser autofill with no master password, all defeat any generator strength downstream. - Sharing via email or chat. Email is stored at rest on the provider and often in the receiver's device backups; chat history persists indefinitely.
- Trusting strength meters alone. Many meters score length and class composition and miss obvious dictionary patterns;
correct horse battery staplerates "weak" on some meters and is in fact strong by entropy. - Periodic forced rotation. Pushes users toward predictable derivatives and weakens the population average.
- Treating MFA as optional. Even a generated 25-character password should have a second factor for high-value accounts; passwords get phished, second factors raise the bar.
Beyond passwords: managers, MFA, and passkeys
A password manager is no longer optional. The realistic alternative is either reusing weak passwords or writing them down, both worse than any reputable manager. A short comparison of the major options:
| Tool | Pricing | Storage model | Notable strength |
|---|---|---|---|
| Bitwarden | Free / paid | Cloud sync, self-host option | Open source, audited, generous free tier |
| 1Password | Paid | Cloud sync, end-to-end encrypted | Polished UX, family sharing, Travel Mode |
| Dashlane | Paid | Cloud sync | Dark-web monitoring, VPN bundle |
| KeePassXC | Free | Local file (sync however you like) | Fully offline, no vendor risk |
| Proton Pass | Free / paid | Cloud sync, end-to-end encrypted | Bundled with Proton account, alias emails |
| Apple Keychain | Free on Apple devices | iCloud sync | Native, free, locked to Apple ecosystem |
| Browser built-ins | Free | Browser-account sync | Free and built-in, weaker against malware on the host |
Two-factor authentication (2FA) raises the cost of a stolen password from instant takeover to "attacker must also intercept the second factor." Prefer time-based one-time passwords (TOTP, via an authenticator app such as Aegis, Raivo, or 2FAS) over SMS, which is vulnerable to SIM-swap attacks. Prefer hardware security keys (YubiKey, Titan, SoloKey) over TOTP for the highest-value accounts.
Passkeys (FIDO2 / WebAuthn) replace the password with a device-bound cryptographic key. Apple, Google, and Microsoft jointly announced expanded passkey support in May 2022, and passkeys are now available on iOS 16+, Android, Chrome, Safari, Edge, and Windows Hello. A passkey is unphishable because the browser refuses to use it on a domain it was not registered for, and there is no shared secret in a server-side database to leak in a breach. Where a site offers passkeys, enable them; you can usually keep the password as a fallback while the ecosystem matures.
Privacy and the generator
The password generator runs entirely in your browser. It calls crypto.getRandomValues() once per character, samples from the chosen alphabet, and renders the result to the page. Nothing is logged, nothing is sent to a server, and nothing is stored after you navigate away. The generated password never leaves your device unless you choose to paste it somewhere. For something as foundational as the key to an account, that local-only flow is the right default: no telemetry, no analytics, no third-party scripts, no cache. The whole tool can run offline once the page is loaded, which you can verify by switching off your network and clicking Generate again.
Frequently Asked Questions
How long should my password be?
Use at least 12 characters for adequate security, 16 or more for high-security accounts. Each additional character makes the password exponentially harder to crack.
Should I include special characters?
Yes. Combining uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), and special characters (!@#$%^&*) significantly increases password strength by expanding the character set an attacker would need to guess.
Is a password generator safe to use?
Yes, when it runs in your browser. Browser-based generators use your device's cryptographic random number generator and never send the password to a server.
How often should I change my passwords?
Current security guidance (from NIST and others) recommends changing passwords only when there is evidence of a breach, not on a fixed schedule. Frequent forced changes lead to weaker passwords because people choose simpler ones they can remember.
Is a passphrase as good as a random password?
Yes, if it is long enough and the words are chosen randomly (for example with Diceware or the EFF wordlist). Six randomly-chosen words give about 77 bits of entropy, comparable to a 13-character random password. Self-invented phrases are usually much weaker because humans cluster around the same few thousand common words.