How to Generate a Strong Password Online

A weak password is one of the most common ways accounts get compromised. The good news is that generating a strong random password takes about five seconds with the right tool — and you never have to memorise it if you use a password manager.

What makes a password strong?

Password strength comes from two things: length and unpredictability. A longer password with random characters is exponentially harder to crack than a short one, even if the short one contains symbols.

  • Length: 12 characters is a reasonable minimum for most accounts. 16 or more for anything sensitive.
  • Randomness: Passwords based on words, names, dates, or keyboard patterns are weak because attackers use dictionaries and pattern lists first.
  • Character variety: Mixing uppercase, lowercase, numbers, and symbols increases the number of possible combinations at any given length.
  • Uniqueness: Every account should have its own password. Reusing passwords means one breach exposes every account that uses the same credentials.

How to use the Password Generator

Open the Password Generator and choose your settings:

  1. Set the length. Start at 16 characters as a default. Go higher for any account that cannot be easily recovered if compromised.
  2. Select which character types to include. Selecting all four types — uppercase, lowercase, numbers, symbols — gives the strongest result.
  3. Click generate. The tool creates a cryptographically random password in your browser — nothing is sent to any server.
  4. Copy the password and paste it directly into the new password field of the account you are setting up. Do not type it from memory.
  5. Save it in a password manager immediately. If you close the tab without saving it, you will need to reset the password — it is not stored anywhere.
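How a browser-side generator like the one in step 3 can draw a password from the Web Crypto API, using rejection sampling so every character is equally likely. This is an added example, not Toolbox Hub's code; the character sets and the names `randomIndex`, `generatePassword` and `entropyBits` are assumptions chosen here.

```javascript
// Added example; not Toolbox Hub's code. Character sets and names are assumptions.
// Web Crypto: a browser global, also available in current Node.js releases.
const rng = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const CLASSES = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{};:,.?/',
};

// Uniform integer in [0, n). Bytes at or above the largest multiple of n are
// discarded, which removes the modulo bias a plain `byte % n` would have.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError('n must be 1..256');
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length = 16, classes = Object.keys(CLASSES)) {
  const sets = [...new Set(classes)].map((name) => {
    if (!Object.hasOwn(CLASSES, name)) throw new RangeError(`unknown class: ${name}`);
    return CLASSES[name];
  });
  if (sets.length === 0) throw new RangeError('select at least one character class');
  if (!Number.isInteger(length) || length < sets.length) {
    throw new RangeError('length must be an integer >= number of classes');
  }
  const alphabet = sets.join('');
  // Redraw the whole password until every selected class is present. Patching
  // in a missing character at a fixed position would make that position predictable.
  for (;;) {
    const chars = Array.from({ length }, () => alphabet[randomIndex(alphabet.length)]);
    if (sets.every((set) => chars.some((ch) => set.includes(ch)))) return chars.join('');
  }
}

// Entropy in bits of `count` independent, uniform picks from `poolSize` options.
function entropyBits(poolSize, count) {
  return count * Math.log2(poolSize);
}
```

With the 86-character alphabet assumed here, `entropyBits(86, 16)` is about 102.8 bits for the 16-character default.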

Passphrase as an alternative

A passphrase is a sequence of random words — like "maple-thunder-orbit-fence" — that is long and memorable. A five-word passphrase has more possible combinations than a random eight-character password with symbols, because length matters more than complexity for brute-force resistance.

Use the Random Password Phrase Generator to create multi-word passphrases. These are especially useful for master passwords (the password that unlocks your password manager) where you need something strong enough to memorise and type reliably.

Storing passwords safely

A generated password is only as safe as where you store it. The options, from most to least recommended:

  1. Password manager (Bitwarden, 1Password, KeePass) — the gold standard. One strong master passphrase unlocks a vault of unique passwords for every account.
  2. Browser saved passwords — convenient and encrypted on device, but tied to one browser and not easily shared across devices or browsers.
  3. Encrypted notes app — acceptable if the app uses end-to-end encryption.
  4. Plain text file or sticky note — never do this. A plain text file is readable by any process on the computer. A sticky note is visible to anyone in the room.

How to Generate a Strong Password Online FAQs

Is the password generator safe to use?

Yes. The Password Generator on Toolbox Hub runs entirely in your browser using the browser's cryptographic random number generator. Your generated password is never sent to any server, never logged, and never stored.

How long should my password be?

At least 12 characters for most accounts, and 16 or more for email, banking, and work accounts. Longer is always stronger.

Should I use a passphrase or a random password?

Both are strong if they are long enough. Use a passphrase when you need something you can memorise — particularly for a master password. Use a random character password for accounts stored in a password manager where you do not need to memorise it.

What should I do if I think my password has been compromised?

Change the password immediately. If you used the same password on other accounts, change those too. Enable two-factor authentication where possible. Check whether your email appears in known breach databases using a service like Have I Been Pwned.
