Question 1

How long should my password be in 2026?

Accepted Answer

NIST SP 800-63B (2024 revision) sets the floor at 8 characters and the recommendation at 15. OWASP guidance for stored credentials is more nuanced — what matters is total entropy, not character variety. Entropy in bits is length × log2(pool size). A 16-character password with all four character classes (94 possible chars) has 16 × log2(94) ≈ 105 bits — enough to resist offline brute-force from a national-level adversary.

Length	Pool	Entropy	Crack time (1 GPU, fast hash)
8	all 4 sets	52 bits	~7 hours
10	all 4 sets	66 bits	~12 years
14	all 4 sets	92 bits	~800 trillion years
16	all 4 sets	105 bits	effectively forever
4 words	EFF list	52 bits	~7 hours
5 words	EFF list	65 bits	~9 years
6 words	EFF list	78 bits	~76,000 years

Crack times assume 100 billion guesses/sec — realistic for one modern GPU against unsalted fast hashes like MD5/SHA-1. Bcrypt/Argon2 are 10⁵–10⁷ times slower, making the same password effectively uncrackable.

Question 2

Is this password generator cryptographically secure?

Accepted Answer

Yes. Every random value comes from crypto.getRandomValues(), the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator). On Linux and macOS it pulls from /dev/urandom, which is seeded from the OS entropy pool. On Windows it pulls from CryptGenRandom. The output is statistically uniform and computationally unpredictable — an attacker who observes any number of prior outputs cannot predict future ones. This is the same source bcrypt, OpenSSL, and your password manager all use internally. The implementation specifically avoids Math.random(), which is a fast non-cryptographic PRNG and would let an attacker recover the internal state and predict future outputs. To eliminate modulo bias, character selection uses rejection sampling — a uniformly random 32-bit integer is rejected if it would land in the partial bucket, then re-rolled.

Question 3

Why does this default to 8 characters when 16 is recommended?

Accepted Answer

The 8-character default matches NIST's documented minimum and is a deliberate floor — the slider goes all the way to 128. The inline entropy bar shows that 8 characters with all character sets enabled produces ~52 bits of entropy, which is crackable in days by a single GPU against unsalted fast hashes. That number is shown live to the user so the implications of the default are visible. For paste-into-password-manager usage, the recommendation is 16-20 characters. For master passwords, 20+. The tool does not silently override the user's choice — instead it tells the truth about what each length means at hashcat speeds.

Question 4

What's the difference between Random and Memorable mode?

Accepted Answer

Random mode produces a high-entropy string of characters drawn from your chosen character sets — the result is something like 'Mx7$pFv9R2eL9qWn'. These are designed for password managers where you never type them. Memorable mode generates passphrases using the EFF Large Wordlist (RFC 6919-style word selection, 7,776 words), producing something like 'pedal-delphine-arabia-blaring-cramp'. Each word averages 12.92 bits of entropy, so a 5-word passphrase has ~64 bits — comparable to a 10-character random password but vastly easier to type and remember. Use Memorable for master passwords, disk encryption keys, anything you have to type from memory. Use Random for everything stored in your password manager.

Question 5

How does the entropy calculation work?

Accepted Answer

Entropy in bits = length × log2(pool size). For a random password with all four character classes enabled (uppercase + lowercase + numbers + symbols = 94 chars), each character contributes log2(94) ≈ 6.55 bits. A 16-char password has 16 × 6.55 ≈ 105 bits. For a passphrase, entropy per word = log2(wordlist size). The EFF Large Wordlist has 7,776 words, so each word contributes log2(7776) = 12.92 bits. A 5-word passphrase has 5 × 12.92 = 64.6 bits. The crack-time estimate assumes a 'fast offline attacker' at 100 billion guesses per second — realistic for one mid-2024 RTX 4090 with hashcat against an unsalted fast hash. For salted slow hashes like bcrypt or Argon2, the attacker's effective rate drops by 5-7 orders of magnitude, so the same password is effectively uncrackable.

Question 6

Should I use symbols or special characters?

Accepted Answer

It marginally helps but length matters far more. Adding all symbols to a 12-char password takes it from 67 bits (uppercase + lowercase + numbers, 62 chars) to 78 bits (all four sets, 94 chars). The same 11-bit gain comes from adding 1.5 extra characters of length. Symbols matter most when you're length-constrained — for example, if a site caps passwords at 12 chars (these sites still exist in 2026 and they should be ashamed). For generated passwords with no length limit, just make it longer. There are real downsides to symbols: some apps reject specific characters (no $ allowed, no quotes), some have rendering bugs that mangle them, and symbols are awkward to type on phone keyboards. The 'Exclude ambiguous' toggle removes characters that are confusing on the page (0/O, l/1/I) — useful when the password might need to be transcribed by hand.

Question 7

What's the EFF Large Wordlist and why use it?

Accepted Answer

The Electronic Frontier Foundation published the EFF Large Wordlist in 2016 specifically for Diceware-style passphrase generation. It contains 7,776 carefully chosen words (exactly 6^5, matching 5d6 dice rolls). The selection criteria: 3-9 letters, easy to spell, no profanity, no homophones, no rare or technical words, recognizable to English speakers. Every word contributes log2(7776) = 12.9 bits of entropy when picked uniformly at random. The result is passphrases that are both strong and pronounceable — much better than older lists (the original 1995 Diceware list contained obscure words like 'jdwp' and '!#'). The wordlist is bundled directly into this page (no CDN fetch) under the Creative Commons CC BY 3.0 US license. Source: eff.org/dice.

Question 8

Are random PINs really secure?

Accepted Answer

For locking a phone or hardware token with rate-limited unlock attempts, yes — a 6-digit random PIN gives 1,000,000 possible combinations. After 10 failed attempts the device is wiped or locked out, so even guessing 10 random PINs gives the attacker only a 0.001% chance of success per attempt window. For unrestricted offline attacks, PINs are weak — 6 digits = 19.9 bits of entropy = effectively instant to crack against any fast hash. The 'no consecutive repeats' and 'no sequences' toggles in this tool eliminate patterns like 1111, 1234, and 9876 that human-chosen PINs cluster around. According to research by Daniel Amitay (2011), 1234, 0000, and 2580 alone account for ~15% of human-chosen 4-digit PINs — using a random PIN puts you outside that target zone immediately.

Strong Password Generator

What Counts as a Strong Password in 2026?

Random vs Memorable vs PIN

Random Password

Memorable Password

PIN Code

How This Generator Works

Frequently Asked Questions