Xerobit

Password Generator

Generate strong random passwords with configurable length, character classes, and exclusions. Real entropy meter and GPU crack-time estimate tell you exactly how secure the password is. Runs on crypto.getRandomValues() — the same CSPRNG your browser uses for TLS keys. 100% client-side: nothing is ever sent to a server.

How to generate a strong password

A secure password generator is only useful if you know what settings produce genuinely strong output. Follow these five steps every time you create a new password:

  1. Choose a length of 16 characters or more. Length is the single biggest driver of entropy. A 16-character password using the full printable character set has ~105 bits of entropy — enough to resist any foreseeable offline attack. For high-value accounts (email, banking, password manager master password) go to 20+ characters.
  2. Include all four character sets. Mix uppercase letters, lowercase letters, digits, and symbols together. Each additional character type multiplies the search space an attacker must cover. A password using all 94 printable ASCII characters gives ~6.5 bits per character versus ~4.7 bits for letters-only.
  3. Exclude ambiguous characters when you need to type it by hand. Characters like 0/O, l/1/I, and |// look identical in many fonts and are a common source of transcription errors. This tool has a built-in "exclude ambiguous" option — enable it for passwords you'll type manually (router admin panel, BIOS password). The entropy cost is negligible (~1–2 bits).
  4. Generate several candidates and pick one. Run the generator two or three times and choose whichever result feels most comfortable. All outputs are equally random; this step is purely ergonomic. Do not modify the password afterward — "adding your own twist" reduces randomness, it does not improve it.
  5. Store it in a password manager immediately. Copy the password directly from this tool into Bitwarden, 1Password, or KeePass before closing the tab. This page keeps nothing — once you navigate away the password is gone. A strong random password you cannot recall is worthless without a manager; a manager with a weak master password defeats the purpose. Use a 20-character random password (or a diceware passphrase) as your master.

Password character sets explained

Every character you add to a password is drawn from an alphabet — the pool of possible characters. A larger alphabet means more possible passwords of the same length, which means more work for an attacker. The table below shows how each character set contributes to entropy:

| Type | Characters | Pool size | Bits added per character |
|---|---|---|---|
| Lowercase only | a–z | 26 | +4.7 bits |
| Uppercase only | A–Z | 26 | +4.7 bits |
| Digits only | 0–9 | 10 | +3.3 bits |
| Symbols | !@#$%^&* and others | 32 | +5.0 bits |
| Lower + Upper | a–z + A–Z | 52 | +5.7 bits |
| Lower + Upper + Digits | alphanumeric | 62 | +6.0 bits |
| Full printable ASCII | all 94 chars | 94 | +6.5 bits |

The formula is: entropy_bits = length × log₂(alphabet_size). Doubling the alphabet size adds roughly one bit per character — but doubling the password length doubles the total entropy. Both matter, but length scales better.

Password crack time estimates

How long would it actually take to crack a password? The answer depends on the hashing algorithm protecting it, the attacker's hardware, and the password's entropy. The table below uses two realistic scenarios: a fast hash (MD5, ~10 billion guesses/sec on a modern GPU) and a slow adaptive hash (bcrypt, ~100,000 guesses/sec). Real attackers targeting credential dumps typically see MD5 or SHA-1; applications that do security properly use bcrypt, scrypt, or argon2.

If an attacker mounts a brute force attack against a stolen database, these are the expected times to crack each password type:

| Password length | Character set | Entropy (bits) | MD5 crack time (~10B/sec) | bcrypt crack time (~100K/sec) |
|---|---|---|---|---|
| 8 chars | Lowercase only (26) | ~38 bits | Seconds | ~45 minutes |
| 8 chars | Full printable ASCII (94) | ~52 bits | ~6 hours | ~1,400 years |
| 12 chars | Full printable ASCII (94) | ~79 bits | ~19,000 years | Billions of years |
| 16 chars | Full printable ASCII (94) | ~105 bits | Billions of years | Far beyond universe age |
| 20 chars | Full printable ASCII (94) | ~131 bits | Longer than the age of the universe | Longer than the age of the universe |

The takeaway: 12 characters with the full character set is the practical floor for any account you care about in 2026. Sixteen characters is strongly recommended. Twenty characters for anything high-value (email, password manager master password, banking). The crack time jumps are not linear — they are exponential because every extra character multiplies, not adds to, the search space.

Note: these estimates assume a raw offline brute-force attack. Dictionary attacks, credential stuffing, and social engineering bypass all of this — which is why uniqueness (never reusing passwords) matters as much as strength. A unique strong password from a secure password generator is the combination that makes you genuinely hard to attack.

What makes a password "strong" in 2026

One thing: entropy. Entropy is the number of bits an attacker would have to guess. The math:

entropy_bits = length × log2(alphabet_size)

A 12-character lowercase-only password = 12 × log₂(26) ≈ 56 bits. A 20-character password with all four classes (upper + lower + digits + symbols, ~94 chars) = 20 × log₂(94) ≈ 131 bits. The jump from 56 to 131 bits isn't 2× stronger — it's 2⁷⁵ times stronger. That's the difference between "cracked overnight" and "cracked after the heat death of the universe."

Target bit thresholds

The randomness is real

This tool uses crypto.getRandomValues(), which pulls from your OS's cryptographically secure pseudorandom number generator (CSPRNG) — the same source Chrome uses for TLS keys and WebCrypto. Not Math.random(), which is predictable and must never be used for security.

We also use rejection sampling when mapping random bytes to character alphabets, so every character in the output is uniformly distributed across the alphabet. No subtle bias from naive % alphabet.length mapping.
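The rejection-sampling step described above, written out as an added example (not this tool's source code). The function names, the ambiguous-character set `0O1lI|` and the injectable `nextByte` parameter are assumptions made for illustration; `naiveModuloCounts` shows the skew a plain `% alphabet.length` mapping would introduce.

```javascript
// Added example, not the tool's source. Web Crypto: global in browsers and Node 19+.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~", // the 32 printable ASCII symbols
};
const AMBIGUOUS = "0O1lI|"; // assumed look-alike set; the tool's exact list is not shown

function cryptoByte() {
  return rng.getRandomValues(new Uint8Array(1))[0];
}

// Rejection sampling: discard bytes at or above the largest multiple of n that
// fits in 256, so each index 0..n-1 is produced by the same number of byte values.
function uniformIndex(n, nextByte = cryptoByte) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError("n must be 1..256");
  const limit = 256 - (256 % n);
  let b;
  do { b = nextByte(); } while (b >= limit);
  return b % n;
}

// For comparison: how many of the 256 byte values land on each index with a
// naive `byte % n`. Unequal counts are the modulo bias.
function naiveModuloCounts(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return counts;
}

function buildAlphabet(classes, excludeAmbiguous = false) {
  const chars = classes.map((c) => CLASSES[c] ?? "").join("");
  return [...chars].filter((ch) => !(excludeAmbiguous && AMBIGUOUS.includes(ch))).join("");
}

function generatePassword(length, alphabet, nextByte = cryptoByte) {
  let out = "";
  for (let i = 0; i < length; i++) out += alphabet[uniformIndex(alphabet.length, nextByte)];
  return out;
}

// entropy_bits = length × log2(alphabet_size)
const entropyBits = (length, alphabetSize) => length * Math.log2(alphabetSize);

const full = buildAlphabet(["lower", "upper", "digits", "symbols"]);
console.log(generatePassword(16, full), entropyBits(16, full.length).toFixed(1), "bits");
```

With the 94-character alphabet, the naive mapping gives 68 characters three byte values each and the other 26 only two, so the first group would appear 50% more often; rejection sampling discards bytes 188 to 255 to remove that skew.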

Pronounceable mode — when to use it

Pronounceable mode alternates consonants and vowels (CVCVCV...), producing passwords like Mikibopu8!. Easier to memorize and type, but the effective alphabet shrinks to ~25 chars, so entropy drops ~20%. Use for passwords you must type by hand (router admin, BIOS password). For everything else, use a password manager and maximum-strength random.

What this tool does NOT do

Crack-time methodology

The crack time displayed in the tool assumes an offline attack at 1 trillion guesses/sec, which matches a modern GPU rig cracking a fast-hash target (MD5, NTLM). Against bcrypt or argon2 (what real apps use for password hashing), attackers are 10,000× slower, so a password with 60-bit entropy that cracks in "1 day" against MD5 takes ~27 years against bcrypt. Either way: more entropy = exponentially better.

Want to understand how secure your password really is? The crack time estimates above give you the full picture for offline attacks. For a deeper dive into the mathematics behind password strength, see our companion post on entropy and password security.

Frequently asked questions

How long should a password be in 2026?

The minimum for any account you actively use is 16 characters. At 16 characters with the full printable ASCII set (~94 characters), you have approximately 105 bits of entropy — well beyond what any foreseeable hardware can crack offline. For high-value accounts — email, banking, your password manager master password, or anything tied to your identity — use 20 characters or more. The extra four characters cost you nothing (you're storing it in a manager anyway) and push entropy to ~131 bits, which is effectively uncrackable for the lifetime of the universe.

The old NIST recommendation of 8 characters is obsolete. Even with the full character set, an 8-character password sits at ~52 bits — crackable in hours by a GPU cluster against a fast hash. Do not use 8-character passwords for anything that matters.

Should I use special characters in my password?

Yes. Adding symbols to your character set roughly doubles the search space per character compared to alphanumeric-only. An alphanumeric character set has 62 options per position (~6.0 bits); the full printable ASCII set with symbols has 94 options (~6.5 bits). Over a 16-character password, that difference compounds to roughly 8 additional bits of entropy total — equivalent to adding one and a half extra alphanumeric characters. Symbols are worth including unless a site explicitly forbids them (which is itself a red flag about how that site handles passwords).

One practical note: if you need to enter the password on a mobile keyboard or in a restricted input (some ATMs, some terminal interfaces), symbols can be painful. In those cases, compensate by increasing length — a 24-character alphanumeric password (~144 bits) is stronger than a 16-character password with symbols (~105 bits).

How is this different from using my browser's built-in password generator?

Modern browsers (Chrome, Firefox, Safari, Edge) include built-in password generators tied to their respective password managers. Those generators are also CSPRNG-backed and safe to use. The differences are practical:

Bottom line: if you are already using a browser password manager and are happy with its generator, keep using it. If you want more control, transparency, or bulk output, use this tool and paste the result into your manager of choice.

Is the generated password unique?

At 80+ bits of entropy, the probability of collision across all humans ever is vanishingly small. At 128 bits, it's not a thing that happens.

Why exclude ambiguous characters?

Characters like 0/O, 1/l/I, and |// look identical in many fonts. Excluding them reduces errors when passwords must be typed or transcribed. Costs ~1–2 bits of entropy — negligible.

Can I use this for encryption keys?

For human-entered passphrases that derive keys via PBKDF2/scrypt/argon2, yes. For raw encryption keys (AES-256, etc.), use proper key generation: crypto.subtle.generateKey() or equivalent — those must be raw bytes, not alphabet-restricted strings.

Bulk mode — what's it for?

Generating temporary passwords for multiple accounts at once (e.g., pre-generating for team onboarding, or seeding test data). Generates up to 100 at a time.

Is this really offline?

Yes. After the page loads, you can disconnect from the internet. The CSPRNG lives in your browser.



Written by Mian Ali Khalid. Last updated 2026-05-12.