AI CalculatorAI Calculator

    Password Generator

    Generate secure, random passwords with customizable options

    16 characters

    How It Works

    Overview

    A password generator produces strong, unpredictable passwords using a cryptographically secure random number generator (CSPRNG). Unlike picking a password yourself, a generated one has no patterns, no dictionary words, and no personal information an attacker could guess. Every character is drawn independently from the alphabet you chose, which is exactly what makes it resistant to brute force and dictionary attacks.

    This generator uses the browser's built-in crypto.getRandomValues — the same API that secures HTTPS handshakes — so the output is suitable for production accounts, encryption keys, and any password that protects valuable data. Generation happens entirely on your device; nothing is sent to a server. The strength meter rates each result based on length and character variety, the two factors that determine how long a password would resist a modern cracker.

    The Formula

    Entropy (bits) = log₂(alphabet_size ^ length)

    Entropy measures how unpredictable a password is. Each bit doubles the number of possible passwords an attacker must try. The alphabet size depends on which character types you enable:

    • Lowercase only: 26 symbols
    • Lowercase + uppercase: 52 symbols
    • Letters + digits: 62 symbols
    • All four types (letters, digits, symbols): ~94 symbols

    Cracking time roughly equals (keyspace ÷ 2) ÷ guesses-per-second. Modern offline attackers can try billions of guesses per second against weak hashes, so passwords with under 60 bits of entropy fall in hours; 80+ bits hold up for years even against well-funded attackers.

    Worked Example

    Compare three passwords by entropy:

    • password123 — common dictionary word + digits, found in seconds. Effective entropy is near 0 because it's in every breach list.
    • Tr0ub4dor&3 — 11 chars, mixed types: about 72 bits of raw entropy, but the leetspeak pattern makes it weaker in practice.
    • m9#KqL2!vR8nXp$Y — 16 random chars from a 94-symbol set: 105 bits of entropy. At a trillion guesses per second it would take roughly 10²² years on average to crack.

    A 16-character password from all four character types is overkill for most websites but exactly right for password manager master passwords, encryption keys, and admin accounts.

    When to Use This

    • New account signups — generate one and store it in your password manager before you finish the form.
    • Updating reused or breached passwords — check your email at haveibeenpwned.com and rotate any matches.
    • Master passwords — for password managers, encryption tools (VeraCrypt, GPG), and disk encryption. Use 20+ characters or a 6-word passphrase.
    • API keys, database passwords, service accounts — long machine-typed passwords that humans never read.
    • Wi-Fi networks — replace the default router password with 16+ random characters; it's typed once per device and stored.
    • Temporary or one-time passwords — invitations, password resets, kiosk logins.

    Common Mistakes to Avoid

    • Reusing the password across sites. One breach exposes every account that shares it. Always generate a unique password per service.
    • Storing passwords in a notes app or spreadsheet. Use a real password manager — they encrypt locally and sync safely between devices.
    • Choosing 8 characters because the site allows it. 8-character passwords with mixed types fall in hours to a single GPU. 12 is the modern bare minimum, 16+ is the standard.
    • Substituting letters in a real word. "P@ssw0rd!" is in every cracking dictionary — patterns like "a→@" and "o→0" are tried first.
    • Skipping symbols when the site allows them. Adding symbols multiplies the alphabet from 62 to 94, raising entropy by about 0.6 bits per character at no cost.

    Frequently Asked Questions

    Ad Space