MayoCalc / Tech

Password Generator

Generate strong, random passwords instantly. Everything runs in your browser. Nothing is sent to any server.

Loading...
Password Length16
Uppercase (A-Z)
Lowercase (a-z)
Numbers (0-9)
Symbols (!@#$...)
Very Strong
~99.6 bits of entropy
Disclaimer: This tool is provided for general educational and entertainment purposes only. Results are estimates and should not be relied upon for any critical decision. Neither MayoCalc nor Cook Media Systems assumes any liability for consequences arising from the use of this tool. By using this site, you agree to our Terms of Service and Disclaimer.

What Makes a Strong Password?

A strong password resists both brute-force attacks (trying every combination) and dictionary attacks (trying common words and patterns). Length is the single most important factor: a random 16-character password is exponentially harder to crack than a random 8-character password, even with the same character set. NIST's current guidance (SP 800-63B) emphasizes length over complexity and recommends passwords of at least 15 characters.

Securing network devices? The Subnet Calculator helps plan your IP address allocation and subnetting.

How to Use This Generator

Set your desired password length and select which character types to include: uppercase letters, lowercase letters, numbers, and special characters. The generator creates a cryptographically random password using your browser's built-in random number generator (window.crypto). You can generate multiple passwords, copy to clipboard, and check the estimated strength. The Password Strength Calculator evaluates any password you create.

Password Best Practices

Use a unique password for every account. Never reuse passwords across sites. Use a password manager (1Password, Bitwarden, or your browser's built-in manager) to store them. Enable two-factor authentication (2FA) on every account that supports it. Consider using a passphrase (4-5 random words) for passwords you need to type manually. Read our full guide on creating strong passwords.

Password Generator FAQ

How long should my password be?
NIST recommends a minimum of 15 characters. For high-security accounts (email, banking, password manager master password), use 20+ characters. With a password manager, there is no practical disadvantage to using very long passwords since you never need to memorize them.
Is a passphrase better than a random password?
A passphrase of 4-5 random words (like "correct-horse-battery-staple") can be easier to remember and type while being just as secure as a shorter random string, because the length compensates for the smaller character set. For accounts managed by a password manager, random strings are fine since you never type them. For passwords you must memorize (like your master password), a passphrase is often the better choice.

Password Generation Best Practices

A randomly generated password is fundamentally stronger than a human-created one because humans are predictably poor at generating randomness. Common patterns like starting with a capital letter, ending with a number or exclamation point, and using dictionary word bases make human passwords vulnerable to rule-based attacks. This generator uses cryptographic randomness (Web Crypto API) to produce truly unpredictable strings. For maximum security, generated passwords should be at least 16 characters and include a mix of all character types. Each online account should have a unique password to prevent credential-stuffing attacks (where breached passwords from one site are tried against other sites). A password manager is the practical solution for storing dozens or hundreds of unique random passwords.

What Makes a Strong Password

Password strength is measured in bits of entropy: each bit doubles the number of possible combinations an attacker must try. A random 12-character password using uppercase, lowercase, digits, and symbols (95 possible characters) has approximately 79 bits of entropy (log2(95^12)), requiring billions of years to crack by brute force at current speeds. Length is the single most important factor: each additional character multiplies the search space by the size of the character set.

Common password attacks include: brute force (trying every combination), dictionary attacks (trying common words and variations), credential stuffing (using passwords leaked from other breaches), and social engineering. Approximately 80% of data breaches involve weak or reused passwords according to Verizon's Data Breach Investigations Report. Using a unique random password for every account eliminates the risk of credential stuffing.

Password Manager Recommendations

A password manager stores all your passwords in an encrypted vault, requiring you to remember only one master password. This allows every account to have a unique, randomly generated password without the impossible task of memorizing hundreds of credentials. The Password Strength Calculator evaluates existing passwords against current cracking capabilities. Two-factor authentication (2FA) adds a second layer of security and should be enabled on all critical accounts (email, banking, social media) regardless of password strength.

Related Calculators

Password Strength

Test how strong your password is

QR Code Generator

Create QR codes instantly

Random Number Generator

Generate random numbers in a range

Related Guide

How to Create a Strong Password →