Generated Password
{{ generatedPassword }}
{{ strengthLabel }}
{{ entropyBits }} bits entropy ~{{ crackTime }} to crack
  • {{ pwd }}
  • No passwords yet.
  • {{ row.label }} {{ row.value }}
Categories: Generator , Security
Export to PDF Fullscreen

A strong password is a random string of characters that resists dictionary guesses and brute-force searches by maximizing entropy—the number of unpredictable bits encoded across its length and character set. Digital services increasingly rely on such secrets to guard accounts, encrypted volumes, and API keys. Modern compliance standards explicitly recommend random, high-entropy generators over memorable phrases.

This generator lets you choose length, character pools, and whether each symbol must be unique. A reactive engine draws from the active pool, builds a string on the fly, then evaluates its strength with an open-source estimator. In parallel, it calculates theoretical entropy and an approximate crack time based on ten-billion guesses per second.

Use it before creating a new email, cloud, or banking login: generate, copy, and save the result in your password manager, or download it as a text file for offline transfer. Avoid reusing passwords or writing them on paper where others may see them; losing the string means losing access.

Technical Details:

Random password generation relies on combinatorial explosion. If a character set contains N distinct symbols and a password is L characters long, the total search space equals NL. Entropy, drawn from information theory, transforms that space into bits: E = L × log2N. Each added bit doubles attacker effort, so higher E exponentially slows brute-force attacks and meets recommendations in NIST SP 800-63B. The tool shows entropy live, warns when patterns reduce randomness, and updates its meter instantly to guide safe choices.

Core Equation:

E=L× log2N

Where L is password length and N is the active character-pool size.

Strength Categories:

ScoreLabelGuidance
0Very WeakAvoid for any purpose.
1WeakImproper for long-term accounts.
2FairAcceptable only for low-risk throw-aways.
3GoodSuitable for personal accounts with MFA.
4StrongPreferred for critical or privileged access.

Key Parameters:

  • Length (L) – total characters to generate.
  • Character pools – uppercase, lowercase, numbers, symbols, sans ambiguous glyphs.
  • Unique only – prevents character reuse until the pool resets.

Example (L = 12, N = 62):

12× log262 =71.6

≈ 71.6 bits entropy → estimated crack time > 37 000 years at 1010 guesses / s.

Assumptions & Limitations:

  • Password space assumes uniform random selection; human bias lowers actual entropy.
  • Crack-time model fixes attack rate at 10 billion guesses / second.
  • Strength meter focuses on offline attacks; online throttling shifts risk profiles.
  • Clipboard data may persist beyond the session; clear it promptly.

Edge Cases & Error Sources:

  • Length under four yields negligible entropy, regardless of pools.
  • Disabling all but one pool drops complexity to simple permutations.
  • Unique-only mode with small pools can repeat characters when length exceeds pool size.
  • Browser extensions might intercept clipboard operations.

References: NIST SP 800-63B; Shannon (1948) “A Mathematical Theory of Communication”; Mazurek et al. (2013) “Measuring Password Guessability”; Shay et al. (2016) “Assessing Strength Meters”.

All computations occur in your browser; no input or output is transmitted, supporting GDPR and comparable regulations.

Step-by-Step Guide:

Follow these actions to build and keep a resilient secret:

  1. Set the desired Length.
  2. Open Characters and toggle the pools you trust.
  3. (Optional) enable Unique characters for maximum diversity.
  4. Press Regenerate; review the live strength bar.
  5. Copy or download the result and store it in an encrypted manager.

FAQ:

Is my data stored?

No. Everything happens locally; nothing leaves your device.

How is crack time calculated?

The estimate divides the total search space by a fixed rate of 10 billion guesses per second and converts seconds to human-readable units.

Why hide ambiguous glyphs?

Excluding look-alike characters reduces mistyping and visual confusion, especially when reading aloud.

Can I reuse generated strings?

Reusing passwords across services undermines security; generate a fresh one for every account.

How many items stay in history?

The list keeps the 20 most recent passwords for quick recall; older ones drop off automatically.

Glossary:

Entropy
Unpredictability measured in bits.
Character Pool
Set of eligible symbols for selection.
Crack Time
Estimated duration to brute-force the password.
Strength Score
Meter value from 0 (weak) to 4 (strong).
Unique-Only Mode
Option that prevents repeating characters until pool resets.