Create strong random passwords — adjustable length, character types, ambiguous-character exclusion, entropy estimate. Cryptographically random via Web Crypto. Runs in your browser.
Longer passwords and larger character sets raise entropy. This is a mathematical estimate — use a password manager and avoid reuse across sites.
Password strength comes from three properties. Compromising any one of them makes a password crackable regardless of how the other two look.
Length
Each additional character multiplies the search space by the charset size. Going from 8 to 16 characters with an 86-character pool raises the attacker's work from 2⁵² possible passwords to 2¹⁰³ — a factor of over two billion times harder. Length is the highest-leverage variable.
Charset size
Adding a new character type (for example, enabling symbols on top of letters and digits) expands the pool from 62 to 86 characters. That adds ~0.47 bits per position — equivalent to ~1.5 extra characters at the same pool size. Useful, but less impactful than increasing length.
True randomness
A password built from a real random process has full entropy for its length. A password chosen by a human — even one that "looks random" — is vulnerable to pattern-based attacks. Humans predictably capitalise the first letter, append a number, and end with a symbol. Attackers exploit these patterns.
Entropy is calculated as length × log₂(charset size). The symbol set used here is !@#$%^&*()_+-=[]{}.,?:|~ (24 characters — backtick and space are excluded to prevent paste issues in terminals and config files).
| Configuration | Pool size | Entropy at 12 chars | Entropy at 16 chars |
|---|---|---|---|
| Lowercase only (a–z) | 26 | 56 bits | 37 bits |
| Lowercase + uppercase | 52 | 68 bits | 91 bits |
| Letters + numbers | 62 | 72 bits | 96 bits |
| All types — default (letters + numbers + symbols)Default | 86 | 77 bits | 103 bits |
| All types, exclude ambiguous | 79 | 75 bits | 101 bits |
These estimates assume an attacker is cracking offline at 1 trillion (10¹²) guesses per second — realistic for a leaked MD5 or SHA-1 password hash on modern GPU clusters. Bcrypt and Argon2 are orders of magnitude slower, making even "fair" passwords much harder to crack in practice. Treat this table as a worst-case comparison.
| Entropy | Example | Time at 1T guesses/sec | Strength |
|---|---|---|---|
| 37 bits | 8 chars, lowercase only | Under 1 second | Weak |
| 52 bits | 8 chars, all types | ~52 minutes | Fair |
| 77 bits | 12 chars, all types | ~38,000 years | Strong |
| 103 bits | 16 chars, all types (default) | ~40 trillion years | Very strong |
| 129 bits | 20 chars, all types | Longer than the universe | Very strong |
crypto.getRandomValues — not Math.randomMany quick-and-dirty password generators use Math.random() because it is simple. This is a security mistake.
Math.random() — a PRNG
Math.random() is a pseudo-random number generator (PRNG). It produces numbers from a deterministic algorithm seeded at startup. Given enough observed output, an attacker can reconstruct the internal state and predict all future (and past) values. It is explicitly not suitable for security use — the ECMAScript specification notes it "does not provide cryptographically secure random numbers".
crypto.getRandomValues() — a CSPRNG
crypto.getRandomValues() is a cryptographically secure pseudo-random number generator (CSPRNG) backed by the operating system entropy pool — fed by hardware events, thermal noise, and interrupt timing. Its output cannot be predicted from prior values. This tool also applies rejection sampling: when the raw random value falls outside an unbiased range, it discards it and draws again, eliminating modulo bias that would slightly favour lower character indices.
Each mistake below is crackable by tools freely available to attackers. Understanding the mechanism helps you internalise why the rules exist.
1. Using a word or phrase you can remembermost critical
Sunshine2024!k#9mPqL2$vNx@5rBDictionary attacks and rule-based mutations (word + year + symbol) crack memorable patterns in seconds. If you can remember a password without a manager, an attacker can guess it.
2. Reusing passwords across sites
MyPassword1! (used on 12 sites)Unique password per site — stored in a password manager81% of data breaches involve reused or weak passwords (1Password, 2023). One compromised site exposes every other account sharing that password — known as credential stuffing.
3. Using 8 characters when 16 is available
8-char password: 52 bits (fair)16-char password: 103 bits (very strong)Length is the highest-leverage variable. Doubling length adds twice as many bits of entropy as switching from letters-only to letters+symbols. At 1 trillion guesses per second, 8 chars takes under an hour; 16 chars takes trillions of years.
4. Rolling your own randomness (Math.random)
Math.random().toString(36).slice(2)crypto.getRandomValues(new Uint32Array(1))Math.random() is a pseudo-random number generator (PRNG) seeded at startup — its output is deterministic and can be predicted after observing enough values. crypto.getRandomValues() draws from the OS entropy pool (hardware events, thermal noise), which is cryptographically secure.
5. Counting symbols as a "complexity substitute" for length
Pa$$w0rd (8 chars, looks complex)correct-horse-battery (22 chars, no symbols needed)A password with common substitutions (a→@, o→0, s→$) is immediately cracked by rule-based attacks. A 22-character passphrase from random words has ~77 bits of entropy against a 7,776-word list — stronger than most 10-char "complex" passwords.
Yes. Passwords are generated using the Web Crypto API's crypto.getRandomValues() — the browser's cryptographically secure random number generator (CSPRNG). It draws from the operating system's entropy pool, which is seeded by hardware events. Generation happens entirely in your browser; the page makes zero network requests containing your passwords. You can verify this by opening DevTools → Network while generating.
Math.random() is a pseudo-random number generator (PRNG) — it produces a deterministic sequence from a seed value. Given enough output, the internal state can be reconstructed, making future values predictable. crypto.getRandomValues() is a cryptographically secure PRNG (CSPRNG) seeded by the OS entropy pool (hardware interrupts, thermal noise, disk timing). It cannot be reverse-engineered from its output.
Entropy is estimated as length × log₂(N), where N is the number of distinct characters in the combined pool. With all character types enabled the pool is 86 characters, giving log₂(86) ≈ 6.43 bits per position. A 16-character password therefore has roughly 103 bits of entropy. Note: the tool guarantees at least one character from each enabled class, which very slightly reduces theoretical entropy for short passwords, but in practice this makes no measurable difference.
Strength is derived from estimated entropy bits: Weak is below 36 bits (crackable in seconds at 1 trillion guesses per second); Fair is 36–59 bits (minutes to hours); Strong is 60–99 bits (thousands to billions of years); Very strong is 100+ bits (longer than the age of the universe). The default 16-character, all-types password produces approximately 103 bits — Very strong.
Enabling this option removes characters that look identical in many fonts: 0 (zero) and O (capital O), 1 (one) and l (lowercase L) and I (capital i), and the pipe | character. The excluded set is exactly: 0, O, o, 1, l, I, |. Use this option when you need to read the password aloud, type it from a screenshot, or share it without a manager.
With unique characters enabled, no character appears more than once in the password. This reduces the effective pool for later positions — for example, picking 16 characters from a pool of 86 without replacement means the 16th pick has only 71 candidates, slightly lowering entropy compared to independent picks. The tool enforces the constraint mathematically: if your length exceeds the total pool size (e.g., 11 characters from digits-only, where the pool is just 10), you will see an error.
Both can be secure at sufficient entropy. A random password like "k#9mPqL2$vNx@5rB" is 103 bits and impossible to remember without a manager. A passphrase built from four or more truly random words (e.g., from a 7,776-word Diceware list) reaches ~52 bits per word-pair and is far easier to type. Use a random password for accounts stored in a manager; use a passphrase for your master password or any password you must memorise.
Use a reputable password manager — Bitwarden (open source, free tier), 1Password, or your browser's built-in keychain. Never store passwords in plain text files, spreadsheets, or sticky notes. A manager encrypts your vault with your master password; even if the manager's servers are compromised, your passwords remain ciphertext without the master key.