Strong passwords start with length
Password strength comes down to entropy (the number of possible combinations). Adding length matters far more than sprinkling in a few symbols.
| Composition | Length | Approx. entropy |
|---|---|---|
| lowercase only | 8 | ~38 bits |
| upper+lower+digits | 12 | ~71 bits |
| upper+lower+digits+symbols | 16 | ~105 bits |
Past about 70 bits, brute-forcing becomes impractical. For everyday accounts, 16+ characters is a good target.
Choosing options
- Pick the character types (upper, lower, digits, symbols) and length; it generates instantly.
- Some sites block certain symbols — if one is rejected, drop symbols and add length instead.
- The option to exclude look-alikes (
l/1,O/0) helps when you'll type the password by hand.
Safety
Passwords are generated in your browser and never sent or stored on a server. Don't reuse the same password across sites — keep them in a password manager. For deeper guidance, see secure password tips.