A strong password resists guessing and brute-force attacks. The two factors that matter most are length and unpredictability. Length is straightforward: longer passwords have more possible combinations. Unpredictability requires a truly random source rather than a person's mental shortcut. This tool generates passwords using the browser's crypto.getRandomValues, which is a cryptographically secure random source backed by the operating system. You pick the length and character pool (uppercase letters, lowercase letters, digits, symbols) and the generator produces a fresh password each time. The entropy meter shows the bits of entropy in the result, which is a precise measure of how hard the password would be to guess by an attacker who knows your generation parameters but not the password itself.
Frequently asked questions
Entropy in bits measures the number of equally-likely possible passwords. Each bit doubles the possibilities. A 40-bit password has about a trillion possibilities; a 60-bit password has about a quintillion; a 100-bit password has more possibilities than atoms in a human body. Modern guidance: 60 bits is acceptable for ordinary accounts, 80+ bits for important accounts, 100+ bits for accounts containing significant assets or sensitive data.