Password Tools

Strong Password Generator

Create long, high-entropy passwords built to resist cracking attempts, generated entirely in your browser with a live strength meter.

Generated entirely in your browser with crypto.getRandomValues — nothing is ever sent to a server.

How to generate a strong password

  1. Push the length slider up — 16–20+ characters gives a strong margin for important accounts.
  2. Keep all four character classes (uppercase, lowercase, digits, symbols) enabled for maximum entropy.
  3. Watch the strength meter and bit count, then click Copy once you're happy with it.

What "strong" means in bits

Every bit of entropy doubles the number of guesses needed to find a password by brute force. A password rated "good" or "strong" here sits well above the range that is practical to crack with modern hardware, while a short, single-character-class password can fall in seconds. The meter recalculates live as you change length or toggle a character class, so you can see the trade-off directly.

Length vs. complexity

Given a choice between a shorter password with more symbol variety and a longer one with fewer character classes, length usually wins — each additional character multiplies the search space, while adding one more character class only adds a fixed multiplier. That's why this tool defaults to a generous length rather than relying on symbols alone.

Where to use a strong password

  • Your password manager's master password, since it protects every other credential.
  • Primary email — often the recovery path for every other account.
  • Banking, investment and other financial logins.
  • Any account without two-factor authentication available.

Related tools

Frequently asked questions

What makes a password "strong" rather than just random?
Strength is a function of entropy: length combined with the number of character classes in play. A strong password is long enough and varied enough that brute-forcing it would take an impractical amount of time, even for an attacker with significant computing power.
How many bits of entropy do I actually need?
Security guidance generally treats 60+ bits as good for everyday accounts and 80–100+ bits as strong enough for high-value accounts like email or banking. This tool shows the live bit estimate as you adjust length and character classes, so you can target a number, not just a label.
Are my passwords sent anywhere or logged?
No — generation happens entirely client-side using the Web Crypto API (crypto.getRandomValues). Nothing is uploaded, and nothing is stored once you leave or refresh the page.
Is a 12-character password with symbols strong enough?
It depends on the account. Twelve mixed-class characters land in the "good" range on the meter here, which is reasonable for a low-value account, but for anything protecting money or sensitive data, going to 16–20+ characters gives a much larger safety margin.
Does adding more symbols always make a password stronger?
Symbols help, but only by expanding the character set — once all four classes (upper, lower, digits, symbols) are enabled, extra length contributes more to entropy than swapping in more symbols. Length is the biggest lever you have.
Can a strong password still be guessed?
A sufficiently long, randomly generated password from this tool is not practically guessable by brute force. The real risks are phishing, data breaches at a site you use, or reusing the same password elsewhere — a password manager plus unique passwords per site closes those gaps.
Why does the strength meter change color as I type settings?
The meter recalculates entropy live from the current length and enabled character classes, so you get instant feedback while tuning a password rather than having to generate one first to see how strong it is.