Password Generator

What Makes a Strong Random Password

A strong password is one that is long, uses a wide character set, and is not reused across accounts. Length matters more than complexity: a 20-character password with only lowercase letters has more possible combinations than a 10-character one using all character types. The random number generator can create numeric PIN codes, while a full password tool generates alphanumeric and symbol combinations. For any password protecting sensitive data, store the result in a dedicated password manager rather than writing it down.

Password Generation Best Practices

• Use at least 16 characters for account passwords; 24+ for high-value accounts.
• Never reuse the same password across different websites or services.
• Store passwords in a password manager (Bitwarden, 1Password, or similar).
• Use a passphrase of 4 random words if the system allows spaces — longer and easier to remember.
• Change passwords immediately after any suspected breach or shared access.

Random Numbers for PIN Codes and Tokens

For numeric PINs, one-time codes, or token generation in classroom simulations, use the random number generator to create values within the required range. Set the minimum and maximum to match the PIN length or code format needed. For picking random participants rather than generating numbers, use the name picker or winner selector instead.

How Password Entropy Works

Password strength is measured in entropy - the number of guesses an attacker would need to try every possibility. Each character drawn from a 62-symbol alphanumeric set adds roughly 5.95 bits of entropy, so a random 16-character password carries about 95 bits, which is far beyond what any realistic offline cracking rig can search. The crucial word is random: a password built from a dictionary word with a capital letter and an exclamation mark might look complex, but cracking tools try those patterns first, so its effective entropy is a tiny fraction of its apparent strength. This is why generated passwords beat human-invented ones every time - humans reuse structures, favour keyboard runs, and anchor passwords to memorable dates. It is also why length beats complexity: adding four characters to a password multiplies the search space by more than ten million, while swapping an 'a' for an '@' barely registers because substitution rules are built into every cracking wordlist.

Passphrases vs Random Strings

There are two sound strategies for strong credentials, and the right one depends on whether a human has to remember the result. A random string like the ones this generator produces is the strongest option per character and is perfect when a password manager does the remembering. A passphrase - four or five words drawn randomly from a large wordlist, in the style of diceware - is slightly longer for the same strength but vastly easier to memorise and type, which makes it the better choice for the handful of passwords you must know by heart: your device login and the master password of the password manager itself. The trap to avoid is the middle ground: a short, human-invented 'clever' password that is neither random nor memorable. A practical setup is one strong memorised passphrase guarding a password manager, with every other account using a unique generated random string you never see again.