Password Generator
Secure, cryptographically random password and passphrase generator using the Web Crypto API — all processing happens locally in your browser.
Frequently Asked Questions
How long should a password be?
NIST recommends a minimum of 8 characters, but 16+ characters is strongly recommended. Longer passwords are exponentially harder to crack. Tip: a 4-word passphrase (correct-horse-battery-staple style) is both strong and memorable — aim for 20+ characters total.
What makes a password strong?
Length is the most important factor, followed by randomness. A truly random 16-character password with mixed character types is extremely strong. Avoid dictionary words, personal info, patterns (123456, qwerty), and reusing passwords across sites. Tip: use a password manager and generate unique random passwords for every account.
Should I use special characters in passwords?
Adding special characters (!@#$%) increases the character pool from 62 to 95, making brute-force attacks harder. However, a longer password with only letters/numbers beats a shorter one with special characters. Tip: if a service limits password length, maximize complexity; if length is unlimited, focus on length.
What is a passphrase and is it better?
A passphrase is a sequence of random words (e.g., 'timber-galaxy-seven-orchid'). It's easier to type and remember than random characters while being equally secure. A 4-word passphrase from a large dictionary (~7,776 words) provides ~51 bits of entropy. Tip: avoid famous quotes, song lyrics, or common phrases — use truly random word selection.
How is password strength measured?
Strength is measured in bits of entropy: log2(pool_size^length). A 12-character password with uppercase, lowercase, digits, and symbols has ~79 bits. 80+ bits is considered very strong. Tip: this tool shows the entropy and estimated crack time so you can see exactly how strong your generated password is.
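
An added example (not this tool's own code) showing one way to draw unbiased characters and words with the Web Crypto API and to compute entropy with the formula above. The function names and the eight-word `DEMO_WORDS` list are assumptions made for illustration.

```javascript
// Added example, not this tool's source. Browsers and current Node expose
// globalThis.crypto; older Node falls back to the webcrypto export.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// Printable ASCII 0x20-0x7E gives the 95-character pool; letters and digits give 62.
const POOL_95 = Array.from({ length: 95 }, (_, i) => String.fromCharCode(32 + i)).join('');
const POOL_62 = [...POOL_95].filter((c) => /[A-Za-z0-9]/.test(c)).join('');

// Constructed demo list. A real passphrase dictionary would hold ~7,776 words.
const DEMO_WORDS = ['timber', 'galaxy', 'seven', 'orchid', 'copper', 'meadow', 'lantern', 'harbor'];

// Uniform integer in [0, n). Rejection sampling discards values from the
// incomplete final bucket, so `% n` introduces no modulo bias.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError('n must be in 1..2^32');
  const limit = Math.floor(2 ** 32 / n) * n; // largest multiple of n that fits in 32 bits
  const buf = new Uint32Array(1);
  do {
    wc.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, pool = POOL_95) {
  return Array.from({ length }, () => pool[randomIndex(pool.length)]).join('');
}

function generatePassphrase(count, words = DEMO_WORDS, separator = '-') {
  return Array.from({ length: count }, () => words[randomIndex(words.length)]).join(separator);
}

// log2(poolSize^length), computed as length * log2(poolSize) to avoid overflow.
function entropyBits(poolSize, length) {
  return length * Math.log2(poolSize);
}

console.log(generatePassword(16), entropyBits(POOL_95.length, 16).toFixed(1), 'bits');
console.log(generatePassphrase(4), '(demo list:', entropyBits(DEMO_WORDS.length, 4), 'bits)');
```

With the eight-word demo list a 4-word passphrase carries only 12 bits; the ~51-bit figure applies to a ~7,776-word dictionary.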