StringTools

Password Generator

Generate cryptographically secure passwords, passphrases, and PINs. Runs entirely in your browser — nothing is ever sent to a server.

Mitul Mandanka, Founder, Progragon Technolabs · 15+ years building software
Updated June 2026 · 8 min read

TL;DR

The one number that decides whether a password survives an offline attack is its entropy in bits, calculated as length × log2(charset size). Length matters more than "complexity": a 5-word random passphrase (~65 bits) beats a typical 8-character mixed password (~52 bits) and is easier to type. This tool draws randomness from the browser's crypto.getRandomValues(), not Math.random(). Aim for ~75+ bits on important accounts, store everything in a password manager, use a unique password per site, and turn on 2FA.

What "password strength" actually measures

Strength meters that say "Weak / Medium / Strong" are estimating one underlying quantity: entropy, the number of bits of unpredictability in the password. For a password built by picking each character independently and uniformly at random from a pool, the formula is exact:

entropy (bits) = length × log2(charset size)

Example: 16 chars from the 94 printable ASCII symbols
       = 16 × log2(94)
       = 16 × 6.555
       ≈ 105 bits

Each extra bit doubles the number of guesses an attacker must make. That is why this is the only honest way to compare passwords. Two consequences surprise most people:

  • Length beats complexity. Adding one character to a 94-symbol password adds ~6.55 bits. Switching a 12-character password from lowercase-only (26) to all character types (94) adds only ~22 bits total — about the same as adding 3 more characters.
  • The formula only holds for truly random passwords. If you choose the characters yourself (a word, a date, P@ssw0rd!), the real entropy is far lower than the formula suggests, because attackers guess human patterns first.

The charset sizes used throughout this page: digits = 10, lowercase = 26, lower+digits = 36, mixed-case letters = 52, alphanumeric = 62, and full printable ASCII (letters, digits, and ~32 symbols) ≈ 94.

Entropy and estimated offline crack time by length & charset

The table below shows the entropy for several length/charset combinations and a rough, order-of-magnitude crack-time tier. Bits are computed with length × log2(charset). Crack times assume an attacker who already has the leaked password hash and runs an offline attack against a fast, unsalted hash (e.g. MD5/NTLM) at ~1 trillion (10^12) guesses per second — a realistic figure for a high-end multi-GPU rig. Time shown is to exhaust half the keyspace (the average expected number of guesses).

| Length | Character set | ~Entropy | Est. offline crack time |
|---|---|---|---|
| 8 | Digits only (PIN) | ~27 bits | Instant (< 1 sec) |
| 8 | Lowercase + digits (36) | ~41 bits | Seconds |
| 8 | All types (~94) | ~52 bits | Under an hour |
| 12 | Lowercase + digits (36) | ~62 bits | Days to weeks |
| 12 | All types (~94) | ~79 bits | Thousands of years |
| 16 | All types (~94) | ~105 bits | Astronomical (>> age of universe) |
| 20 | All types (~94) | ~131 bits | Astronomical (>> age of universe) |
| 3 words | Passphrase (EFF 7776-word list) | ~39 bits | Instant to minutes |
| 4 words | Passphrase (EFF 7776-word list) | ~52 bits | Under an hour |
| 5 words | Passphrase (EFF 7776-word list) | ~65 bits | Months to years |
| 6 words | Passphrase (EFF 7776-word list) | ~78 bits | Thousands of years |

These are deliberately rough tiers, not precise predictions. Change the assumed guess rate and every number moves: a slow, properly salted hash like bcrypt or Argon2id caps a single GPU at roughly tens of thousands of guesses per second, making even ~52-bit passwords take years — while a future attacker with a larger cluster guesses faster than 10^12/sec. Use the entropy column, which does not depend on the attacker, as your real comparison metric.
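The arithmetic behind the table, as an added example that is not this tool's source code: it computes entropy, the minimum length needed to reach a target, and half-keyspace time at two guess rates. The slow-hash rate of 20,000 guesses per second is an assumed value inside the "tens of thousands" range mentioned above, and all function names are illustrative.

```javascript
// Added example, not the tool's source. Pool sizes are the ones used on this page.
const POOLS = { digits: 10, lowercase: 26, alphanumeric: 62, printableAscii: 94, effWord: 7776 };

// Exact only when every unit is drawn independently and uniformly at random.
function entropyBits(length, poolSize) {
  return length * Math.log2(poolSize);
}

// Fewest characters (or words) needed to reach `targetBits` with this pool.
function minLength(targetBits, poolSize) {
  return Math.ceil(targetBits / Math.log2(poolSize));
}

// Seconds to try half the keyspace (the expected cost) at a given guess rate.
function halfKeyspaceSeconds(bits, guessesPerSecond) {
  return 2 ** (bits - 1) / guessesPerSecond;
}

function humanize(seconds) {
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60]];
  for (const [name, size] of units) {
    if (seconds >= size) return `${(seconds / size).toPrecision(3)} ${name}`;
  }
  return `${seconds.toPrecision(3)} seconds`;
}

const FAST_HASH = 1e12; // the page's assumption: fast, unsalted hash
const SLOW_HASH = 2e4;  // assumed value for a slow salted hash on one GPU

// Same password, two attacker models: the bits stay fixed, only the time moves.
function compare(length, poolSize) {
  const bits = entropyBits(length, poolSize);
  return {
    bits: Math.round(bits),
    fast: humanize(halfKeyspaceSeconds(bits, FAST_HASH)),
    slow: humanize(halfKeyspaceSeconds(bits, SLOW_HASH)),
  };
}

console.log(compare(8, POOLS.printableAscii));
// Length needed per pool to reach the ~75-bit target from the TL;DR.
for (const [name, size] of Object.entries(POOLS)) {
  console.log(name, minLength(75, size));
}
```
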

Why a 5-word passphrase can beat a complex 8-character password

When words are chosen by a computer uniformly at random from a known list, each word contributes a fixed, calculable amount of entropy. The Electronic Frontier Foundation's large diceware list has 7,776 words, so each random word adds log2(7776) ≈ 12.9 bits.

5 random words × 12.9 bits  ≈ 65 bits
8 random "all types" chars  ≈ 52 bits

correct-horse-battery-staple-anchor   (memorable, ~65 bits)
Tq7%vR2!                              (hard to type, ~52 bits)

The catch is the word "random." A passphrase is only as strong as its selection process: words you picked yourself because they mean something to you carry almost no entropy. The strength comes entirely from a cryptographic random source choosing the words for you — which is exactly what this generator's passphrase mode does. Use passphrases for the handful of secrets you must memorize (your password-manager master password, your device login); use long random character strings, stored in the manager, for everything else.

How this generator produces randomness (and why it matters)

The entropy formula assumes every character is equally likely and unpredictable. That guarantee is only as good as the random number generator behind it. This tool uses the Web Crypto API:

  • Cryptographically secure source. Characters are selected with crypto.getRandomValues(), the browser's CSPRNG seeded by the operating system. Unlike Math.random(), its output is designed to be unpredictable even to someone who has seen previous outputs.
  • No modulo bias. A naive random % charsetSize skews probabilities toward lower characters when the range does not divide evenly. A correct generator rejects and re-draws out-of-range values so every character stays equally likely — preserving the full entropy.
  • Nothing leaves your device. The site is a static export with no backend. Generation runs in your browser's JavaScript engine; passwords are never transmitted, logged, or stored. Close the tab and they are gone. You can confirm this in DevTools → Network: generating a password makes zero outbound requests.
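One way to implement the rejection sampling described above, as an added example that is not this tool's actual source. The function names and the demo character set are assumptions; crypto.getRandomValues() is the only platform API used. The same index function serves both characters and passphrase words.

```javascript
// Added example, not the tool's source. Web Crypto in browsers and in Node.
const rng = globalThis.crypto ||
  (typeof require === "function" ? require("node:crypto").webcrypto : null);

// How many of `sourceSize` equally likely raw values land on each index
// under a naive `raw % n`. Unequal counts are the modulo bias.
function moduloHits(sourceSize, n) {
  const hits = new Array(n).fill(0);
  for (let raw = 0; raw < sourceSize; raw++) hits[raw % n]++;
  return hits;
}

// Uniform integer in [0, n): reject raw 32-bit values at or above the largest
// multiple of n, so every index is backed by the same number of raw values.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const limit = Math.floor(2 ** 32 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Pick `count` items independently and uniformly from a character set
// (string) or a word list (array). Duplicates are removed first, because a
// repeated entry would be more likely than the rest and lower the entropy.
function pickUniform(pool, count) {
  const items = [...new Set(pool)];
  if (items.length < 2) throw new RangeError("pool needs 2+ distinct items");
  return Array.from({ length: count }, () => items[randomIndex(items.length)]);
}

const generatePassword = (length, charset) =>
  pickUniform(charset, length).join("");
const generatePassphrase = (count, wordList, sep = "-") =>
  pickUniform(wordList, count).join(sep);

// Constructed demo input: lowercase + digits without the ambiguous 0/o/1/l.
const DEMO_CHARSET = "abcdefghijkmnpqrstuvwxyz23456789";
console.log(generatePassword(16, DEMO_CHARSET));
// One random byte reduced with % 94: indices 0..67 get 3 hits, 68..93 get 2.
console.log(moduloHits(256, 94).slice(66, 70)); // [3, 3, 2, 2]
```
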

A strong password is necessary but not sufficient

Most real-world account takeovers do not involve brute-forcing a strong password at all. They involve reuse, phishing, and breaches. High entropy protects you against one specific threat (offline cracking); these habits protect you against the rest:

  • Use a unique password for every account. When one site is breached, attackers replay that email/password pair against banks, email, and stores — a technique called credential stuffing. A unique password contains the damage to one account.
  • Use a password manager. Unique 16+ character passwords everywhere is only realistic if software remembers them. A reputable manager generates, stores, and autofills them; you memorize exactly one strong master passphrase.
  • Turn on two-factor authentication (2FA). Even a perfect password can be phished or keylogged. A second factor — preferably an authenticator app or a hardware security key (FIDO2/WebAuthn) rather than SMS — blocks login without it.
  • Prioritize your email and password-manager accounts. Whoever controls your email can reset most of your other passwords. Give those two the longest, most unique credentials and the strongest second factor you have.

Disclaimer: This page is general security education, not professional security advice, and the crack-time figures are rough estimates that depend heavily on attacker hardware and how the target site stores passwords (hash algorithm, salting, rate limiting). Use the entropy values for comparison and follow the published guidance of your organization or a qualified security professional for high-stakes accounts.

Frequently asked questions

How long should my password actually be?

Think in entropy, not character count. For a random password using all character types (~6.55 bits each), 12 characters gives ~79 bits, which is comfortably strong for everyday accounts. For email, banking, and your password-manager master password, aim for 16+ characters (~105 bits) or a 6-word passphrase (~78 bits). NIST's current guidance (SP 800-63B) emphasizes length over forced complexity rules and supports passphrases.

Is a passphrase really as secure as a random password?

Yes, if the words are chosen randomly by software, not by you. Each word from the 7,776-word EFF list adds ~12.9 bits, so a 5-word passphrase (~65 bits) exceeds a typical 8-character mixed password (~52 bits) and is far easier to type. A passphrase you invented yourself from meaningful words is much weaker, because attackers guess human patterns first.

Are the crack times on this page exact?

No — they are deliberately rough, order-of-magnitude estimates. They assume an offline attack against a fast, unsalted hash at ~1 trillion guesses per second. If the target site uses a slow, salted hash like bcrypt or Argon2id, the same password survives vastly longer; with a larger future cluster, slightly less. The entropy column is the stable comparison metric because it does not depend on the attacker.

Why is the Web Crypto API better than Math.random()?

Math.random() is a fast pseudo-random generator never designed for security; its internal state can be reconstructed from a few outputs, making future values predictable. crypto.getRandomValues() is a cryptographically secure generator (CSPRNG) seeded by the operating system, built to be unpredictable. For passwords, the difference between "looks random" and "is unpredictable to an attacker" is the whole point.

Is it safe to generate passwords on a website?

With this tool, generation happens entirely in your browser and nothing is sent to a server — you can verify zero network requests in DevTools. That said, for your most sensitive credentials many people prefer the generator built into their password manager, which creates the password and stores it in one trusted step. Either way, avoid pasting a generated password into anything but the intended site and your password manager, and never email or message it to yourself.

Does excluding ambiguous characters or symbols weaken my password?

Slightly, but it is usually a fair trade. Removing ambiguous characters (0/O, l/1/I) or symbols shrinks the charset, lowering bits-per-character — so you lose a little entropy per character. The fix is simple: add one or two characters of length to make it back. A 17-character alphanumeric password is as strong as a 16-character one with symbols, and avoids sites that reject certain symbols or fonts that make characters hard to distinguish.