Password Generator

Password strength depends on entropy, which represents possible combinations an attacker must guess. Length matters more than complexity - a 16-character password using all character types provides trillions of possible combinations. Aim for at least 16 characters for high-security accounts.

Enable all character types for maximum entropy. Each enabled set increases the character pool, making passwords harder to crack. For most accounts, uppercase, lowercase, numbers, and symbols combined provides strong security. For systems with restrictions, use what is available.

Avoid dictionary words, personal information (birthdays, names), keyboard patterns (qwerty, asdf), sequential characters (abc123), and leet speak substitutions (p@ssw0rd). Attackers use dictionaries and common password databases that include these patterns. Even adding numbers at the end of a word provides minimal protection.

Use a password manager to generate, store, and auto-fill unique passwords for each account. This allows you to use truly random, high-entropy passwords without memorization. Alternatively, use passphrases combining random words like "correct-horse-battery-staple" for accounts where you need to remember it.

No. All password generation uses cryptographically secure random number generation locally in your browser. Your generated passwords never leave your device. The crypto.getRandomValues() API provides truly random values suitable for security-sensitive applications.

Passphrases are longer sequences of random words instead of complex character combinations. "correct-horse-battery-staple" has higher entropy than "Tr0ub4dor&3" but is easier to remember. They are useful for master passwords or accounts where you cannot use a password manager.