How to Generate a Secure Password

Why Random Passwords Matter

Human-chosen passwords follow predictable patterns: dictionary words, personal information (birthdays, pet names), keyboard walks (qwerty, 123456), and common substitutions (p@ssw0rd). Attackers know these patterns and build dictionaries specifically targeting them. A randomly generated password has no pattern to exploit — the only attack is brute force, which becomes impractical with sufficient length and character variety.

Understanding Password Entropy

Entropy measures the unpredictability of a password in bits. A password with N bits of entropy has 2^N possible combinations. The formula is: entropy = length × log2(character pool size). A 12-character password using uppercase, lowercase, digits, and symbols (95 characters) has about 79 bits of entropy — meaning 2^79 (roughly 604 sextillion) possible combinations. At 100 billion guesses per second, cracking it would take over 190,000 years. The Password Generator shows the entropy of each generated password.

Length vs Complexity

Length contributes more to entropy than character variety. A 20-character password using only lowercase letters (26^20 = 95 bits of entropy) is stronger than a 10-character password using all character types (95^10 = 65 bits). The ideal approach is both: use a long password with diverse characters. A minimum of 16 characters with mixed case, digits, and symbols is recommended for important accounts. For lower-security contexts, 12 characters is acceptable.

Passphrases: The Best of Both Worlds

A passphrase is a sequence of random words — like 'correct horse battery staple.' A 4-word passphrase drawn from a 7,776-word dictionary (the EFF wordlist) has about 51 bits of entropy. A 6-word passphrase has 77 bits — comparable to a complex 12-character password but far easier to type and remember. The key is that the words must be randomly selected, not chosen by a human. The Password Generator can create both random character passwords and random passphrases.