Password Generator

• Use 12+ characters — length is the single most important factor. Each additional character exponentially increases security.

• Mix character types — combine uppercase, lowercase, numbers, and symbols to maximize the character pool (from 26 to 94+ characters).

• Avoid dictionary words — real words are vulnerable to dictionary attacks. Use random characters or passphrases with unrelated words.

• Never reuse passwords — if one password is compromised, all accounts sharing it are exposed. Use a unique password for every account.

• Use a password manager — they securely store all your passwords so you only need to remember one master password.

• Enable two-factor authentication (2FA) on every account that supports it. Even if your password is compromised, 2FA provides an additional security layer.

• Beware of phishing — never enter passwords on suspicious sites. Check URLs carefully and use bookmarks for sensitive sites.

• Change compromised passwords immediately — check haveibeenpwned.com to see if your accounts have been in data breaches.

• Don't share passwords via email or text — these channels are not secure. Use a password manager's sharing feature instead.

Password strength is measured by entropy — the mathematical unpredictability of the password. Entropy is calculated as:

Entropy (bits) = Length × log₂(Pool Size)

For example, a 16-character password using all 94 printable ASCII characters has about 105 bits of entropy — making it virtually impossible to crack by brute force.

• Using personal information — birthdays, pet names, addresses, and phone numbers are easily guessable.

• Simple patterns — "123456," "qwerty," and "password" remain the most commonly used (and breached) passwords every year.

• Reusing across sites — one data breach exposes every account using the same password (credential stuffing attacks).

• Minor substitutions — changing "password" to "p@ssw0rd" is not effective — attackers know these patterns and test for them automatically.