Password Generator
Generate cryptographically secure passwords using your browser's random number generator. Never sent anywhere.
Password Security: Why Strong Unique Passwords Are Non-Negotiable
The average person has 100+ online accounts. Data breaches exposed 6 billion+ records in 2023. 80% of hacking-related breaches involve weak or reused passwords. Using the same password across sites means one breach compromises all accounts. Our password generator uses the Web Crypto API (browser-level cryptographic randomness) — far more secure than Math.random() — to generate passwords that would take millions of years to crack by brute force.
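The Web Crypto API approach described above, as an added example (not this page's own generator code): it draws bytes from `crypto.getRandomValues` and uses rejection sampling so that every character of the alphabet is equally likely. The alphabet and the function names are assumptions made for illustration.

```javascript
// Added example: unbiased password generation with the Web Crypto API.
// In a browser `globalThis.crypto` exists; the fallback lets it run in Node too.
const rng = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Constructed alphabet (assumption): the page does not list its character set.
const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const UPPER = LOWER.toUpperCase();
const DIGITS = '0123456789';
const SYMBOLS = '!@#$%^&*()-_=+[]{};:,.?';
const DEFAULT_ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS;

// Return a uniformly distributed integer in [0, n) for 1 <= n <= 256.
// Bytes >= limit are discarded (rejection sampling): a plain `byte % n`
// would make the low indexes slightly more likely whenever 256 % n !== 0.
function uniformIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError('n must be an integer in 1..256');
  }
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length = 16, alphabet = DEFAULT_ALPHABET) {
  // De-duplicate so a repeated symbol does not get a higher probability.
  const chars = [...new Set(alphabet)];
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  if (chars.length < 2) {
    throw new RangeError('alphabet needs at least 2 distinct symbols');
  }
  let out = '';
  for (let i = 0; i < length; i++) out += chars[uniformIndex(chars.length)];
  return out;
}

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```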
Frequently Asked Questions
How long should a password be in 2024?
NIST (2024 guidelines): minimum 8 characters required, 15+ characters recommended, 64+ characters supported. A 12-character random password with mixed case, numbers and symbols has ~72 bits of entropy and would take over 100 trillion years to brute-force. A 16-character password is effectively uncrackable with current technology.
What makes a strong password?
Strong password criteria: 12+ characters (16+ for critical accounts), mix of uppercase, lowercase, numbers and symbols, no dictionary words or personal info (name, birthday, city), unique to each site. Avoid: sequential patterns (1234, abcd), keyboard walks (qwerty, asdf), common substitutions (@ for a, 3 for e) — hackers test these.
Should I use a password manager?
Yes — password managers (Bitwarden, 1Password, Dashlane) are the only practical way to use unique strong passwords for 100+ accounts. They store encrypted passwords and auto-fill them. Enable 2FA on your password manager for an extra security layer. Google Password Manager (free, built into Chrome/Android) is a solid starting point.
How do hackers crack passwords?
Methods: (1) Dictionary attacks — trying common words, (2) Brute force — trying every combination (feasible for < 8 chars), (3) Credential stuffing — using email/password pairs from previous breaches, (4) Rainbow tables — precomputed hash lookups (countered by salting). Random 16-character passwords defeat all these methods.
What is two-factor authentication and do I need it?
2FA (Two-Factor Authentication) adds a second verification step beyond the password — usually a one-time code from an app (Google Authenticator, Authy) or SMS. Even if your password is stolen, 2FA prevents unauthorised access. Enable 2FA on: email, banking, social media, payment apps and any account with sensitive data.