Password Generator

Password security tips

• Use a unique password for every account — reusing passwords means one breach exposes all your accounts.
• Aim for at least 16 characters for important accounts like email, banking, and social media.
• Include a mix of uppercase, lowercase, numbers, and symbols to maximise entropy.
• Store passwords in a reputable password manager such as Bitwarden, 1Password, or your browser's built-in manager.
• Enable two-factor authentication (2FA) on every account that supports it — a strong password plus 2FA is far harder to compromise than a password alone.

How passwords are generated

All passwords are generated entirely in your browser using crypto.getRandomValues() — a cryptographically secure random number generator built into every modern browser. No passwords are transmitted to a server. Your generated passwords never leave your device.

What makes a password strong?

Password strength is measured in entropy bits — a measure of how unpredictable the password is. A 12-character password using only lowercase letters has about 56 bits of entropy. Adding uppercase, numbers, and symbols to a 16-character password raises that to over 100 bits, which would take billions of years to brute-force even with specialised hardware. Length has the biggest impact: every extra character multiplies the number of possibilities by the size of the character set.

Common password mistakes to avoid

• Dictionary words — even with letter substitutions like p@ssw0rd, these are easily cracked by modern tools.
• Personal information — names, birthdays, phone numbers, and pet names are the first things attackers try.
• Short passwords — anything under 10 characters can be brute-forced in seconds with modern hardware.
• Sequential patterns — 123456, abcdef, or qwerty are among the most common passwords found in breach databases.