Is this password generator secure?

Yes. It uses crypto.getRandomValues(), a cryptographically secure random number generator built into your browser. No passwords are sent to any server or stored anywhere.

What password length should I use?

We recommend at least 16 characters with all character types enabled. For high-security accounts, use 20 or more characters.

Why should I include symbols?

Symbols dramatically increase the character set size, which exponentially increases the number of possible combinations. A 12-character password with symbols is much stronger than one without.

How is crack time estimated?

The estimate assumes a brute-force attack at 10 billion guesses per second (a realistic rate for a modern GPU cluster). Real-world crack times depend on the hashing algorithm used and the attacker's resources.

Password Generator - Create Strong Random Passwords

What a Strong Password Actually Is

A password is strong when an attacker cannot guess it within a useful time horizon, given the attack model they are running. Strength is not about having a capital letter and an exclamation mark — those superficial "complexity rules" were quietly retired by NIST in 2017 because they push users toward predictable transformations like Password1!. The current standard, NIST Special Publication 800-63B, defines strength purely in terms of entropy — the binary logarithm of the number of equally likely passwords your generation process could produce. A randomly generated 16-character password with mixed case, digits, and symbols has roughly 100 bits of entropy. A human-typed "P@ssword2026" has perhaps 25, because attackers know exactly which substitutions humans favour and run dictionaries of those patterns first.

This generator uses the browser's Web Crypto API (crypto.getRandomValues) — the same cryptographically secure RNG used by TLS handshakes and signing libraries — so every character is independently and uniformly drawn from your selected character set. The output is never sent to a server, never logged, and never reused. NIST's 2020 update of 800-63B recommends a minimum length of 8 characters for user-chosen passwords (which are weak per character) and explicitly endorses 64+ characters for randomly generated ones. Use the longest password your service allows; length adds entropy faster than complexity ever can.

The Entropy Formula

Entropy in bits is the standard, vendor-neutral way to compare passwords. It tells you the base-2 logarithm of the search space an attacker has to traverse on average — and because every extra bit doubles that space, even a few extra characters of length translate to enormous gains.

Entropy: H = log₂(N^L) = L × log₂(N)

where N = character pool size, L = length

Average crack time: 2^H ÷ (2 × guesses/sec)

A 12-character password drawn from 95 printable ASCII characters has 12 × log₂(95) ≈ 78.8 bits. A 16-character password from the same set has 105.1 bits. Doubling length more than doubles entropy because the relationship is exponential. This is also why passphrases — five random words from a 7,776-word EFF Diceware list — yield about 64.6 bits at five words and 77.5 bits at six, despite being far easier to type and remember than a symbol soup.

How to Use Step-by-Step

Set the length. 16 characters is a sensible default; 20+ is appropriate for accounts that protect financial assets, root infrastructure, or recovery secrets.
Enable every character class your target service accepts. Symbols add the most entropy per character; disabling them only to satisfy a flaky form is acceptable but extend the length to compensate.
Click Generate Password. The Web Crypto RNG draws a fresh, uniform sample from your selected pool.
Copy the result directly into a password manager (1Password, Bitwarden, KeePassXC, Apple Keychain). Never store passwords in plaintext, in email, or in chat history.
Verify the strength meter reports at least Strong (≥ 80 bits). Anything below 60 bits is considered insufficient against modern offline attacks per NIST.

Worked Examples

Example 1 — 12 chars, alphanumeric only

Pool N = 26 + 26 + 10 = 62. Entropy = 12 × log₂(62) = 71.5 bits. At 100 billion MD5 guesses/sec, average crack time ≈ 2^71.5 ÷ 2 × 10¹¹ ≈ 558 years. Adequate today, but should be considered transitional given GPU price-performance trends.

Example 2 — 16 chars with symbols

Pool N = 26 + 26 + 10 + 26 = 88 (this generator's symbol set). Entropy = 16 × log₂(88) ≈ 103.4 bits. Even at 10 trillion guesses/sec on a hypothetical future cluster, average crack time exceeds the age of the universe by many orders of magnitude.

Example 3 — EFF Diceware passphrase

Six words randomly selected from EFF's 7,776-word list: "correct horse battery staple amber forge". Entropy = 6 × log₂(7776) ≈ 77.5 bits. Comparable to a 13-character random password but vastly easier to type into a phone keyboard. The classic xkcd comic on this is the canonical reference.

Crack Times by Entropy and Hardware

Entropy	Online (10 / sec)	Offline GPU (10¹⁰ / sec)	Hashcat cluster (10¹² / sec)
40 bits	3,500 years	1.8 minutes	1.1 seconds
60 bits	3.6 billion years	1.8 years	19 minutes
80 bits	3.8 × 10¹⁵ years	1.9 million years	19 thousand years
100 bits	heat death of universe	2 × 10¹² years	2 × 10¹⁰ years
128 bits	cryptographic ceiling	5 × 10²⁰ years	5 × 10¹⁸ years

These are average-case figures (half the search space). Actual rates depend heavily on the hash function used. Fast hashes like MD5, SHA-1, and unsalted SHA-256 are GPU-friendly; modern password hashes (Argon2id, scrypt, bcrypt) deliberately slow down attackers by 4–6 orders of magnitude. A 60-bit password protected by Argon2 with sensible parameters is far stronger than an 80-bit password stored as raw SHA-256.

Passwords vs Passphrases vs Passkeys

Passwords are short random strings. They maximise entropy per character but are painful on mobile keyboards. Passphrases are sequences of randomly chosen words — the EFF Diceware system is the gold standard — and trade slightly lower entropy density for huge gains in memorability and typability. Passkeys (FIDO2 / WebAuthn) replace passwords entirely with public-key cryptography stored on your device; they cannot be phished or leaked from a server breach because the server only ever sees a public key. Where passkeys are available (Apple, Google, Microsoft, GitHub, etc.) they should be preferred. Where they are not, generate a unique random password per site and store it in a password manager — using the same password across sites is the single largest contributor to credential-stuffing attacks.

Common Misconceptions

"Adding a special character makes my password strong." Only marginally. Length and randomness dominate; adding one symbol to a short password barely moves the entropy.
"I should change my passwords every 90 days." NIST SP 800-63B explicitly removed this guidance in 2017. Forced rotation pushes users to predictable variations. Rotate only when there is evidence of compromise.
"A password manager is a single point of failure." The alternative — reusing passwords or storing them in browsers without a master key — is provably worse. A reputable manager with a strong master passphrase and 2FA is the recommended baseline.
"Long but obvious is fine — 'welcome2thejungle' is 18 chars." No. Phrase entropy is bounded by the dictionary an attacker can search, not by character count. Random word selection is essential.
"Math.random() is good enough." It is not — Math.random is a deterministic PRNG seeded from observable state. Always use crypto.getRandomValues for any security-relevant randomness.
"Two-factor authentication makes password strength irrelevant." 2FA adds resilience but does not protect against phishing of one-time codes or session-token theft. Password strength still matters.

Frequently Asked Questions

Is this generator cryptographically secure?

Yes. It calls the browser's Web Crypto API (crypto.getRandomValues), which is required by the W3C spec to use a cryptographically strong source. The same primitive backs TLS, WebAuthn, and most browser-side cryptography.

What length should I use?

NIST 800-63B recommends a minimum of 8 for user-generated and supports up to 64+ for randomly generated. For practical use, 16 characters with all classes enabled gives ~100 bits — beyond the reach of any current or near-future attacker. 20+ for high-value secrets.

Should I memorise my passwords?

Memorise only the master passphrase to your password manager and recovery passphrase for any end-to-end-encrypted services. For everything else, let the manager generate and store unique random passwords per site.

Why does crack time depend on the hash algorithm?

Fast hashes (MD5, SHA-1, plain SHA-256) let attackers test billions of guesses per second on cheap GPUs. Slow, memory-hard hashes (Argon2, scrypt, bcrypt) deliberately bottleneck attempts — a deliberate Argon2 configuration can drop offline guess rates below 10,000/sec.

Are passphrases really as strong as random passwords?

When generated by rolling dice on the EFF list (or equivalent uniform random selection), yes — bit for bit. The catch is that "passphrases" chosen by humans (favourite quotes, song lyrics) have far less entropy because attackers seed dictionaries with such corpora.

Is my data stored?

No. Generation runs entirely in your browser. The password is never sent to a server, never logged, and is discarded the moment the tab closes. Even network-tab inspection in DevTools will show no outbound traffic from this calculator.

References

National Institute of Standards and Technology. NIST SP 800-63B — Digital Identity Guidelines: Authentication and Lifecycle Management. Latest revision.
Electronic Frontier Foundation. Deep Dive: EFF's New Wordlists for Random Passphrases. 7,776-word Diceware list.
FIDO Alliance & W3C. Web Authentication: An API for accessing Public Key Credentials Level 3 (WebAuthn / passkeys specification).
Open Web Application Security Project. OWASP Authentication Cheat Sheet and Password Storage Cheat Sheet.
Bonneau J, Herley C, van Oorschot PC, Stajano F. The Quest to Replace Passwords. IEEE S&P 2012.