Password Generator

How to choose a strong password

The strength of a password is measured in bits of entropy. Each bit doubles the number of possible passwords an attacker has to try. Modern recommendations:

• 40 bits or below — weak. A determined attacker with a basic GPU rig can guess this in hours.
• 60 bits — fair. Resistant to casual attacks but not state-level adversaries.
• 80 bits — strong. Practically unbreakable through brute force with current technology.
• 100+ bits — overkill for most users; appropriate for encryption keys.

Three rules for password security

1. Length beats complexity. A 20-character lowercase password is stronger than an 8-character one with all character types. Aim for ≥16 characters.
2. Never reuse. Use a password manager (Bitwarden, 1Password, KeePassXC) to generate and store a unique password for every service. Reusing one means a breach at the weakest site exposes them all.
3. Enable 2FA on every account that supports it. A password alone — even a strong one — is no longer enough for critical accounts (email, banking, hosting).

Privacy note

This generator runs entirely in your browser using the cryptographically secure window.crypto.getRandomValues API. Passwords are never sent to our servers, logged, or stored anywhere. You can verify by opening DevTools → Network and watching: no outbound requests when you generate.

When you need this most

• Setting up new hosting / DirectAdmin accounts
• Creating email accounts on your domain
• WordPress admin accounts
• Database / MySQL user passwords
• API keys and webhook secrets
• M-Pesa API and KopoKopo client secrets