Password Generator
Generate cryptographically strong random passwords instantly. Customize length, character types, and quantity. All passwords are generated in your browser using crypto.getRandomValues() — nothing is transmitted or stored.
How strong is a generated password?
Passwords generated by PassFortify use crypto.getRandomValues(), the Web Cryptography API's cryptographically secure random number generator. A 16-character password using all character types (uppercase, lowercase, numbers, symbols) draws from a pool of 94 characters, yielding approximately 105 bits of entropy. At current computing speeds, that would take longer than the age of the universe to brute-force.
Entropy is calculated as length × log₂(charset size). The more character types you enable and the longer the password, the more entropy — and the stronger the password.
Password length recommendations by use case
- 8–10 characters — Legacy systems or services with strict length limits. Minimum acceptable for low-value accounts.
- 12–16 characters — Recommended for most everyday accounts: email, social media, shopping.
- 20–24 characters — High-value accounts: banking, cloud storage, password manager master password.
- 32+ characters — API keys, database passwords, encryption keys, and service accounts where humans rarely type the password.
Why use a password generator?
Human-chosen passwords are predictable. Studies show that people gravitate toward dictionary words, names, birthdates, and keyboard patterns — all of which are in attacker wordlists. A random password generator removes human bias entirely, producing passwords with true statistical randomness that cannot be guessed from personal information.
Frequently Asked Questions
NIST 2024 guidelines recommend at least 8 characters at minimum, but 12–16 is the practical standard for most accounts. For high-value targets like your email or banking login, use 20+ characters. Our generator defaults to 16, which provides over 100 bits of entropy with all character types enabled.
Yes, when it runs entirely in your browser. PassFortify uses crypto.getRandomValues(), the same cryptographically secure API used by security professionals. Your generated passwords never leave your device — there is no server-side component whatsoever.
Special characters expand the character pool from 62 to 94 characters, significantly increasing entropy. However, some systems restrict certain symbols. If a site rejects your password, try disabling symbols or using our alphanumeric generator variant.
Ambiguous characters look alike in some fonts: 0 (zero) and O, l and 1 and I. Excluding them helps when you need to type the password manually. It slightly reduces entropy but makes the password more readable — a reasonable trade-off when you can't paste.