Password Generator

A strong password is long, random, and uses a variety of character types. Human-chosen passwords are nearly always weaker than randomly generated ones because people are predictable — they gravitate toward words, names, dates, keyboard patterns, and simple character substitutions (@ for a, 3 for e). An attacker exploiting this predictability can guess most human passwords far faster than a truly random password of equal length.

Password entropy quantifies unpredictability. Each bit of entropy doubles the number of guesses required for an exhaustive brute-force search. A random 16-character password drawn from the full printable ASCII set (95 characters) has about 105 bits of entropy — an astronomically large search space. A 12-character password using only lowercase letters has only 56 bits, which is much more feasible to attack with modern hardware.

For passwords you must remember, a passphrase — several random words joined together — balances security and memorability. Four to six random words provide 50–80 bits of entropy depending on the wordlist size. For all other passwords, use a password manager and generate a unique random password for each service. Never reuse passwords: a credential breach at any service exposes all accounts sharing that password.