How the Password Generator Works
This tool generates random, secure passwords directly in your browser. You can customize the length and character types. The generator also calculates the password's entropy, measuring its strength against brute-force attacks.
Random Generation
The password is created by selecting random characters from the available character set (charset). The base charset includes 26 lowercase letters, expandable with:
- Uppercase (A-Z): +26 characters
- Numbers (0-9): +10 characters
- Symbols (!@#$%...): +27 characters
With all types enabled, the charset is 89 characters. A larger charset makes the password harder to guess.
Entropy: Measuring Security
Entropy is calculated as: E = L x log2(C), where L is length and C is charset size.
| Entropy | Level | Brute-force time (10B attempts/s) |
|---|---|---|
| < 36 bits | Weak | Seconds - minutes |
| 36-59 bits | Fair | Hours - days |
| 60-79 bits | Good | Years |
| 80+ bits | Very strong | Millions of years |
A 16-character password with full charset has about 103 bits of entropy.
NIST Recommendations
The NIST guidelines SP 800-63B recommend:
- Minimum length of 8 characters (12-16 preferred)
- No mandatory periodic password changes without cause
- Check passwords against known compromised password lists
- Use a password manager for unique passwords per service
Privacy and Security
This generator runs entirely in the browser: the password is never transmitted to external servers.