Password Generator
Generate secure cryptographically random passwords up to 128 characters. Choose uppercase, lowercase, numbers, symbols. Shows entropy bits and strength rating.
About the Password Generator
A password generator creates cryptographically random passwords using your browser's built-in secure random number generator (window.crypto.getRandomValues), ensuring each password is unpredictable even if the generator itself is observed. Unlike pseudo-random generators (Math.random), cryptographic randomness provides security guarantees: an attacker who knows the algorithm and all previous outputs cannot predict the next output. Passwords can be customised by length (up to 128 characters), character sets (uppercase A-Z, lowercase a-z, digits 0-9, symbols), and optionally excluding visually ambiguous characters (0/O, 1/l/I). The calculator also shows the entropy in bits — a measure of password strength. NIST SP 800-63B recommends at least 112 bits of entropy for sensitive accounts; a 16-character password using all character types provides approximately 105 bits. Password security is critical in the USA, UK, and globally — data breach statistics show weak and reused passwords as the leading cause of account compromise. In everyday life and specialty projects, having a fast, reliable calculator removes the guesswork and saves valuable time. From date calculations and time duration planning to construction estimating for tile, gravel, or roofing, these tools help you plan projects with accuracy. By verifying your needs in advance, you can avoid over-purchasing materials, stay within budget, and ensure your timelines are realistic. Furthermore, individual circumstances and local regulations can significantly impact the practical application of these figures. Users in the USA, Canada, the United Kingdom, Australia, and New Zealand often face different regional guidelines, tax brackets, or baseline measurements (such as USDA zones, CRA guidelines, HMRC allowances, or ATO schedules) that should be factored into any serious planning. By entering your specific parameters into this calculator, you can model multiple scenarios side by side to see how minor changes in inputs affect the overall outcome. This makes the tool an indispensable asset for regular monitoring and long-term goal setting, helping you adjust your strategies as your needs evolve over time. In addition, when incorporating this calculator into your regular planning and routines, it is highly recommended to document your results over a period of weeks or months. Keeping a structured log or digital archive of your calculations allows you to trace trends, identify patterns, and detect any sudden anomalies that may require adjustments. Whether you are managing electrical circuit loads, tracking personal health and fitness parameters, analyzing educational grade distributions, or balancing a household budget, consistent record-keeping turns one-off calculations into a powerful long-term strategy. Always verify that your input data is sourced from reliable references before drawing major conclusions, and consult with qualified experts when making decisions that impact your physical health, safety, or financial security.
Formula
Entropy (bits) = length × log₂(charset_size) | Charset: a-z(26), A-Z(26), 0-9(10), symbols(32) | Crack time ≈ 2^entropy / (2 × guesses_per_second)
How It Works
Random character selection: fill an array with n characters selected uniformly at random from the allowed character set. Entropy = log₂(charset_size^length) = length × log₂(charset_size). Character set sizes: lowercase only (26): 4.7 bits/char; lowercase + uppercase (52): 5.7 bits/char; + digits (62): 5.95 bits/char; + symbols (94): 6.55 bits/char. Examples: 12-char, all types (94): 12 × log₂(94) = 12 × 6.555 = 78.7 bits — acceptable for most uses. 16-char, all types: 104.9 bits — strong. 20-char, all types: 131.1 bits — excellent. For comparison: a dictionary word has ~10-15 bits; a 4-digit PIN has log₂(10000) = 13.3 bits; a 6-letter lowercase word has 6 × 4.7 = 28.2 bits — all easily brute-forced. Modern GPU clusters can attempt billions to trillions of guesses per second against hashed passwords. To compute this value manually, follow these standard steps: 1. Identify all the required input variables (such as base values, rates, dimensions, or constants) and convert them to matching units. 2. Apply the primary mathematical formula or conversion factor designated for this specific calculation. 3. Perform the arithmetic operations step by step, ensuring you strictly follow the standard order of operations (PEMDAS/BODMAS). 4. Verify the result by running the calculation in reverse or checking against known reference tables. By following this structured methodology, you can verify your results and gain a deeper understanding of the relationships between the different variables involved in the calculation.
Tips & Best Practices
- ✓Use a different password for every account. Password reuse is the most common way that breached credentials from one site enable attackers to compromise other accounts — a technique called credential stuffing. A password manager makes this practical.
- ✓Length matters more than complexity. A 20-character lowercase password (94 bits entropy) is stronger than a 10-character mixed-case, symbol, and digit password (66 bits). The NIST 2017 guidelines dropped mandatory complexity rules in favour of emphasising length and blocking known compromised passwords.
- ✓For passwords you need to memorise (like a password manager master password), consider a passphrase — 4-6 random common words separated by spaces or symbols. "correct-horse-battery-staple" has ~52 bits entropy (from ~2000 common words: log₂(2000^4) = 43.9 bits) and is far more memorable than an equivalent random character string.
- ✓The "Have I Been Pwned" service (haveibeenpwned.com) lets you check if your email or a password has appeared in known data breaches. Many password managers integrate this check automatically. A previously breached password should never be reused.
Who Uses This Calculator
Individuals creating new accounts and needing strong, unique passwords without manual effort. IT administrators generating initial credentials for employee accounts and system access. Developers creating random secrets, API keys, session tokens, and test credentials. Security-conscious users auditing and replacing weak or reused passwords across their accounts. Common practical scenarios for this tool include: - Professional scenarios: Engineers, financial analysts, accountants, health practitioners, and educators use this calculation to verify data, draft official reports, and double-check manual calculations quickly. - Consumer and everyday scenarios: Homeowners, students, fitness enthusiasts, and travelers use the tool to make quick estimates on the go, budget for upcoming projects, and track personal goals. - Educational learning: Students and teachers use this tool as a step-by-step visual aid to understand mathematical formulas and verify homework answers.
Optimised for: USA · UK · Canada · Australia · Calculations run in your browser · No data stored
Frequently Asked Questions
How secure is a randomly generated password?
Security is measured in entropy bits: log2(charset_size^length). A 16-character password using uppercase, lowercase, digits, and symbols (94 characters) has log2(94^16) ≈ 105 bits of entropy — essentially unbreakable by brute force even with the most powerful computers. NIST recommends at least 80 bits for sensitive accounts.
What makes a password strong?
Length is the most important factor, followed by character set diversity. A 20-character password with only lowercase letters has more entropy than a 10-character password using all character types. Avoid dictionary words, names, dates, and patterns like "Password123!" which are trivially cracked by dictionary attacks.
Should I use a password manager?
Yes. Using a password manager lets you generate and store a unique, long, random password for every site without needing to remember them. The master password should be a long passphrase (4+ random words). Popular options include Bitwarden (open source, free), 1Password, and KeePass.