InfiniteCalc

Password Generator

Generate strong random passwords with custom length and character sets.

A password generator creates strong, random passwords that humans cannot guess and computers struggle to crack. Choose a length and which character types to include — uppercase, lowercase, digits, symbols — and generate as many candidates as you like until one is saved safely in your password manager.

Everything happens locally in your browser: passwords are generated on your own device using your browser’s cryptographic random number source and are never transmitted, stored, or logged by any server. The single most important thing to know about password strength is simple — length beats cleverness. A long random password is stronger than a short "complex" one every time.

What Makes a Password Strong

Password strength is measured in entropy — the number of equally likely possibilities an attacker must try. Each character drawn randomly from a 94-symbol keyboard set adds about 6.55 bits of entropy, so strength grows exponentially with length:

Entropy = Length × log2(Character Set Size)

This is why length beats complexity. "P@ssw0rd!" looks tough but follows a predictable human pattern that cracking tools try within seconds; a random 16-character password has roughly 105 bits of entropy and is beyond any realistic brute-force attack. Common substitutions (a→@, o→0), keyboard walks (qwerty), and dates add almost no real entropy because attackers model exactly those habits.

Practical targets: 12 characters minimum for ordinary accounts, 16+ for email, banking, and anything holding payment details, 20+ for password-manager master passwords.

How Long Passwords Survive Cracking

Approximate offline brute-force times for fully random passwords using all four character types (uppercase, lowercase, digits, symbols), against an attacker testing on the order of 10 billion guesses per second:

  • 8 characters: hours to days
  • 10 characters: decades
  • 12 characters: hundreds of thousands of years
  • 14 characters: over a billion years
  • 16 characters: effectively forever (~10 quadrillion years)

Two caveats. First, these times assume randomness — a 12-character password built from dictionary words and a birth year falls in minutes. Second, no length survives being leaked in plaintext or reused: if one site is breached, attackers immediately try that exact password everywhere else (credential stuffing). Unique-per-site matters as much as long.

Use a Password Manager — Seriously

Strong random passwords are unmemorizable by design, which is precisely why a password manager is the essential companion to this generator. A manager stores unlimited unique passwords in an encrypted vault, fills them automatically, flags reused or breached credentials, and means you only ever memorize one strong master password.

Reputable options include Bitwarden (open source, excellent free tier), 1Password, and the built-in managers in modern browsers and operating systems — any of them beats reusing passwords or keeping a notes file.

Best practices for the accounts that matter: - Generate a unique random password per site — never reuse - Enable two-factor authentication (an authenticator app beats SMS) - Make your master password a long passphrase, e.g. four or five random words - Never share passwords over email or chat

Frequently Asked Questions

Is it safe to use an online password generator?

This one generates passwords entirely on your device using the browser’s cryptographic random number source (crypto.getRandomValues). Nothing you generate is sent over the network, stored, or logged — you can verify by loading the page and disconnecting from the internet before generating. Avoid any generator that creates passwords on a server.

How long should my password be?

At least 12 characters for everyday accounts, and 16 or more for high-value targets like email, banking, and cloud storage. A random 16-character password using letters, digits, and symbols has about 105 bits of entropy — far beyond brute-force reach. When a site allows it, longer is always better and costs you nothing with a password manager.

Is a long password better than a complex one?

Yes. Entropy grows exponentially with length but only modestly with a bigger character set. A random 16-character lowercase-only password (about 75 bits) is far stronger than a random 8-character password using all symbol types (about 52 bits). Ideal is both — length first, then mixed characters — but never sacrifice length for visual complexity.

How do hackers actually crack passwords?

Mostly offline: after a site breach, attackers take the leaked password hashes and test billions of guesses per second against them, starting with dictionaries, common patterns, and previously leaked passwords. They also use credential stuffing — trying your leaked password on other sites. Random, unique, long passwords defeat both attacks.

How am I supposed to remember random passwords?

You are not — that is the password manager’s job. Store every generated password in a manager like Bitwarden or 1Password, which encrypts your vault and autofills logins. The only password you memorize is the master password; make it a long passphrase of four or five random words, which is both strong and memorable.

Related Calculators