Password Generator

About Password Generator

Strong, unique passwords are the first line of defense against credential-based attacks. This generator uses the Web Crypto API (crypto.getRandomValues), which provides cryptographically secure pseudo-random numbers -- the same level of randomness used for generating encryption keys and cryptographic tokens. A password generated with cryptographically secure randomness and a character set of 95 printable ASCII characters at 16 characters long has approximately 10^31 possible combinations, making brute-force attacks computationally infeasible with current technology.

Password Security Quick Reference

Password strength is measured by entropy, calculated as log2(charset_size ^ length). A 16-character password using uppercase, lowercase, digits, and symbols (95 characters) has approximately 105 bits of entropy. For comparison, 8 characters with the same charset provides only 52 bits -- which modern GPUs can crack in hours. NIST SP 800-63B recommends a minimum of 8 characters for user-chosen passwords but suggests supporting at least 64 characters. The most secure approach is using a password manager with randomly generated passwords of 16+ characters.

Avoid common password pitfalls: dictionary words, keyboard patterns (qwerty, 123456), personal information (birthdays, names), and reusing passwords across services. Over 80% of data breaches involve compromised credentials, according to Verizon's DBIR report. For maximum security, pair strong passwords with two-factor authentication (2FA) using a TOTP app like Google Authenticator or a hardware security key (FIDO2/WebAuthn). All password generation in this tool happens entirely in your browser -- no passwords are ever transmitted or stored on any server.