What makes a password strong?

A strong password is long, random, unique to one account, and not based on names, dates, keyboard patterns, or reused phrases.

Is a passphrase stronger than a password?

A random passphrase can be strong when it has enough words. A random character password is usually best when a password manager stores it.

Strong Password Generator

A strong password is long, random, and unique. It should not contain names, dates, quotes, keyboard patterns, reused words, or small substitutions that attackers can predict.

Generate a strong password

Strong password criteria

A strong password combines enough length with real randomness. It should also be unique to one service, because reuse can turn a single leaked password into access across many accounts.

For most people, the strongest practical setup is a 20-character or longer random password saved in a password manager, plus multi-factor authentication on important accounts.

Strong password checklist

Choose enough length: 16 characters is a practical minimum, and 20 or more is better for sensitive accounts.
Use randomness from the browser crypto API rather than a phrase you invented.
Keep each account unique so one breach does not unlock other services.
Prefer a password manager for storage and autofill.

Recommended password length

For ordinary accounts, use at least 16 random characters. For email, banking, administrator access, password manager recovery, and other high-value accounts, use 20 to 24 characters or a longer random passphrase.

Complex password or unique password?

A complex password is only useful when it is also random and unique. Reusing a complex-looking password across sites is still risky, because one breach can expose the same secret everywhere else.

Password or passphrase?

Use a random password when a password manager will store it. Use a multi-word random passphrase when you need to type or remember the secret manually, such as a master password or device login.

Security tradeoffs

Symbols can help, but length is usually easier to reason about. A longer password from a broad character set creates a larger search space than a short password with one symbol added at the end.

Examples of weak patterns to avoid

Names, birthdays, street names, pet names, team names, or company names.
Keyboard paths, repeated characters, years, seasons, or words with one number added.
Reusing an old password with a small change, such as adding a symbol at the end.
Passwords generated once and then shared across multiple accounts.

How to verify strength

The main generator estimates entropy and search space as you change length and character options. For a deeper explanation, read the password entropy guide. If you want to evaluate an existing password pattern without submitting it anywhere, see the password strength guide.