How long should a password be?

For important accounts, 16 to 20 characters or more is a practical baseline when the service allows it. Length and uniqueness usually matter more than human-memorable complexity tricks.

Are symbols required?

Use symbols when the account form requires them. If long passwords are allowed, randomness, length, and uniqueness are the main goals.

Does it check breached passwords?

No. This tool does not compare the generated password with breach databases or password blocklists.

Password Generator

Q: Is this online password generator safe?

The password is generated in the browser with crypto.getRandomValues and is not sent to a server by this tool. You still need safe storage, MFA, and a clean device.

Generate a strong random password in your browser with length, character set, strength estimate, and one-click copy.

Xs?O=e9B<a46lbz[

Length: 16 characters

4128

Strength:Very strong

Estimated crack time:billions of years

Model estimate assumes 10 billion guesses/sec and does not account for breaches, phishing, malware, or account-specific rules.

Generated in the browser

The password is generated in your browser with crypto.getRandomValues() and is not sent to a server by this tool.

After copying

Save the password in a password manager, use it for one service only, and enable MFA where possible.

Generate a strong random password

Use this password generator to create a random password with the length and character groups accepted by the account or device you are securing.

Use a unique password for every important account.
Prefer longer random passwords when the service accepts them.
Store the result in a password manager instead of notes, email, or chat.
Turn on MFA for email, banking, work, cloud, and other high-value accounts.

Do not reuse passwords

Even a strong password becomes risky if it was already used somewhere else. A breach at one service can expose other accounts when the same password is reused.

Password strength estimate

The strength estimate uses password length and the size of the selected character set. It is a model for random passwords, not a guarantee against phishing, malware, credential theft, or reused secrets.

E = L \times lo g_{2} (N)

E is estimated entropy in bits, L is password length, and N is the character set size.

Entropy	Label	How to read it
< 28 bits	Very weak	Only suitable for throwaway tests without real data
28-36 bits	Weak	Increase length before using it for an account
36-60 bits	Medium	Acceptable only for low-risk use cases
60-80 bits	Strong	Practical range for many user accounts when unique
> 80 bits	Very strong	Large brute-force margin when stored safely

Browser-based generation

The tool generates passwords in the browser with `crypto.getRandomValues()`. The generated password is not sent to a server by this calculator.

Still handle it as a secret

Copy the password directly into a password manager and clear temporary traces. This page does not check breach lists or account-specific password rules.

Frequently Asked Questions

Sources and References

Calculations are based on the listed reference sources. Links open in a new tab.

Updated: June 2, 2026

Related Tools

UUID Generator

Generate UUID v4 and GUID-style identifiers in bulk, with uppercase, no-dash, and brace formatting options.

Open

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text or a local file directly in your browser.

Open