A strong password is long, random and unique to one account. The single biggest factor is length — a longer password has far more possible combinations, which is what defeats brute-force guessing. The easiest way to get one is to generate a random password and store it in a password manager. Here is what matters and how to do it.
Aim for at least 16 characters; longer is stronger.
Include uppercase, lowercase, numbers and symbols to enlarge the character set.
Use a generator that draws from a cryptographic random source, not a memorable phrase.
Save it in a password manager and use a unique password for every account.
Why does length matter more than symbols?
Each extra character multiplies the number of possible passwords. Adding length increases that count faster than adding a single symbol does. A 20-character password from letters and numbers is far harder to crack than an 8-character one stuffed with symbols. The password generator shows an entropy estimate so you can see the difference.
Should passwords be random?
Yes. Human-chosen passwords follow predictable patterns that attackers exploit. A cryptographically random password has no pattern. Generators that use crypto.getRandomValues (like this one) are suitable for real accounts, unlike anything based on Math.random. Never store the result as a plain hash — services should use a slow password hash; see MD5 vs SHA.
Tip: Reusing a password is riskier than a slightly shorter one — a unique password per site means one breach can’t unlock your other accounts.
Generate a strong password now
Create a secure random password with the length and characters you choose — free, in your browser.
Open the Password Generator →Frequently Asked Questions
What makes a password strong?
Length, randomness and uniqueness. Aim for 16+ random characters and never reuse a password across sites.
Are generated passwords safe to use?
Yes, if they use a cryptographic random source. This generator uses the Web Crypto API and never sends the password anywhere.
How should I remember them?
You shouldn’t — use a password manager to store unique passwords and only remember one strong master password.