Password Generator

Security experts recommend at least 16 characters for important accounts (banking, email, work). For maximum security, use 20+ characters. Longer passwords are exponentially harder to crack — a 20-character random password with mixed characters has over 130 bits of entropy, making brute-force cracking computationally infeasible.

Entropy (measured in bits) quantifies how unpredictable a password is. Formula: Entropy = log₂(charset_size) × length. A 16-character password using uppercase, lowercase, numbers, and symbols (95 character set) has log₂(95) × 16 ≈ 105 bits of entropy. Aim for 60+ bits for decent security, 80+ bits for sensitive accounts.

Passphrases (e.g. "correct-horse-battery-staple") can be easier to remember while remaining very secure. A 4-word passphrase from a 7,776-word list has about 51 bits of entropy. A 6-word passphrase gives ~77 bits. Random character passwords are more compact for the same entropy. Use a password manager for random passwords — no memorisation needed.

Yes — this generator uses the Web Crypto API (crypto.getRandomValues()) which provides cryptographically secure randomness — not the weaker Math.random(). Passwords are generated entirely in your browser and are never sent to any server. Close the tab and the passwords are gone.