Generator

Length: 16 chars

Check against known data breaches Sends only a 5-character anonymized hash fragment to HaveIBeenPwned.com — your password never leaves this page. How it works

How password security works

Why length beats complexity

Password rules that say “must contain uppercase, a number, and a symbol” came from 2003 guidance that has since been officially reversed by the U.S. government’s cybersecurity agency. The new consensus is simpler: length matters most. Every character you add doesn’t just increase combinations a little — it multiplies them. A 20-character phrase of common words is significantly stronger than an 8-character “P@ssw0rd” with all the boxes checked.

Password entropy is H = L × log₂(N), where L is length and N is charset size. NIST SP 800-63B (2017, revised 2023) explicitly removed mandatory complexity rules, instead recommending ≥8 characters minimum with ≥15 preferred. Adding one character to a 95-character-set password multiplies the search space by 95 (≈6.6 bits). Upgrading from 3-of-4 character types to 4-of-4 adds a fixed bonus — less entropy than a single extra character at lengths above 8.

How passwords actually get cracked

Attackers don’t try every combination randomly — they’re much more efficient than that. They start with lists of billions of already-leaked passwords, then try predictable variations like swapping “a” for “@” or adding “123” at the end. If your password is on those lists, it doesn’t matter how clever you think it is. Only after exhausting those options do attackers resort to brute force — and modern hardware can test billions of guesses per second.

Attack order by efficiency: (1) credential stuffing from breach dumps; (2) dictionary + rule mutations (leet substitutions, append-digit, capitalize-first); (3) pattern matching (keyboard walks, sequential runs, date patterns); (4) Markov-chain models trained on real password corpora; (5) raw brute force. An RTX 4090-class GPU tests ≈100B MD5 hashes/sec, dropping to ≈10K/sec for bcrypt at cost factor 12 — the reason bcrypt dramatically extends the “offline fast” crack time shown above.

Data breaches and why they matter

Billions of real passwords from hacked websites are now searchable by anyone. Attackers check these lists before trying anything else — if your password appears on one, the length and symbols don’t matter. This is also why reusing the same password across sites is dangerous: one breach can unlock all your accounts. The optional breach check here searches those databases without your actual password ever leaving this page.

Have I Been Pwned (HIBP) indexes 13B+ compromised credentials from public breach dumps. This tool uses the k-anonymity range API: SHA-1(password) is computed locally in the browser; only the first 5 hex digits (20 bits) are sent to api.pwnedpasswords.com/range/{prefix}; the returned suffix list is checked client-side. No full hash or plaintext ever leaves the browser. The model was co-designed with Cloudflare and is documented at haveibeenpwned.com.

Passphrases vs. passwords

A passphrase is several random words joined together — like “River-Stone-Eagle-Flame.” The critical word is “random”: words you choose yourself tend to follow patterns (your pet’s name, a favorite place, a movie). Words a generator picks for you don’t. Four randomly chosen words give you trillions of possible combinations, and they’re far easier to remember and type than a string of random characters.

Four words drawn from a 2,048-word list yields log₂(2048⁴) ≈ 44 bits of entropy. An 8-character random password from 95-char printable ASCII yields ≈52 bits — more entropy, but practically unmemorizable without a password manager. The EFF large wordlist gives 12.9 bits/word. This generator uses crypto.getRandomValues() for word selection, guaranteeing uniform distribution with no modulo bias.

Patterns attackers exploit

Predictable patterns are the first thing any cracking tool checks. Keyboard walks like “qwerty” or “asdfgh”, years like “2024” or “1987”, sequences like “abc” or “123”, and common substitutions like “@” for “a” are all on the same attack lists. They don’t hide a weak core — they just make you feel like you’ve done something. This analyzer flags each detected pattern specifically so you understand exactly what’s weak and why.

Detection covers: keyboard walks (all 3+ substrings matched against QWERTY row, column, and diagonal sequences, forward and reverse); sequential alphanumeric runs ≥3 (ascending or descending char codes); repeat analysis (maxRun ≥ 3 or single-char frequency >20%); date patterns (/(?:19|20)\d{2}/, MM/DD, MMDDYYYY); leet normalization (12-substitution map applied before the 300-entry common-password check). Each detected pattern subtracts from both the 0–100 score and the estimated entropy used for crack time calculations.

How generated passwords are secured

Every password generated here is built using your browser’s built-in cryptographic random generator — the same standard used by banking and encryption software. Nothing is sent to a server, nothing is stored, and nothing is logged anywhere. The moment you close or refresh the page, the password is gone unless you’ve already copied it. The only thing that leaves this page is what you deliberately copy and paste.

Generation uses window.crypto.getRandomValues() with rejection sampling to eliminate modulo bias: uint32 values ≥ ⌊2³² / N⌋ × N are discarded and resampled. At least one character from each selected type is guaranteed before filling the remaining length from the full charset. A Fisher-Yates shuffle (also via CSPRNG) provides an unbiased permutation. Math.random() is not used anywhere. The passphrase generator draws from an embedded 800-word list using the same RNG with identical bias elimination.