Generate strong passwords, test your existing ones, and learn why good passwords matter.
Every extra character multiplies the brute-force search space by the size of the character set, so cracking time grows exponentially with length. 20+ chars is effectively uncrackable with modern hardware.
Using all four character classes (upper, lower, digits, symbols) expands the pool from 26 to 94 possible values per position.
This generator uses crypto.getRandomValues() — cryptographically secure random numbers, not Math.random().
Generate a different password for every account. If one site is breached, attackers can't reuse the leaked password elsewhere.
A passphrase made of random common words is both easy to remember and extremely strong. Four random words give ~52 bits of entropy — enough to resist everything short of a nation-state.
Roll five dice and look up the five-digit result (11111 to 66666) in a numbered wordlist. Each word adds ~12.9 bits of entropy (6^5 = 7,776 possible words).
Random words like "correct-horse-battery-staple" are far easier to remember than "Tr0ub4dor&3" and dramatically stronger.
Five Diceware words (~64 bits) is the minimum recommended for long-term secrets. Six words (~77 bits) for high-value accounts.
This generator uses the EFF Long Wordlist — 7,776 common English words, chosen for clarity and minimal ambiguity.
Open-source, free tier, self-hostable. Widely audited. Best choice for most people.
Polished UI, family/team plans, Travel Mode. Popular in enterprise.
Offline, open-source, local file storage. No cloud, maximum privacy.
From Proton (ProtonMail). E2E encrypted, open-source, integrated with Proton ecosystem.
Estimates assume offline attack at 100 billion guesses/second (modern GPU cluster) against a fast hash (MD5/NTLM). Against slow hashes (bcrypt, Argon2) multiply by 10,000× or more.
| Password Type | Example | Entropy | Fast Hash (100B/s) | bcrypt (10M/s) |
|---|---|---|---|---|
| 4-digit PIN | 1234 | 13 bits | < 1ms | < 1ms |
| 6-char lowercase | monkey | 28 bits | < 1s | < 30s |
| 8-char mixed case | Monkey12 | 47 bits | ~21 min | ~3 days |
| 8-char full charset | M0nk3y!X | 52 bits | ~12 hrs | ~140 days |
| 12-char full charset | xR7#kP!9mL2@ | 79 bits | ~6,000 yrs | forever |
| 16-char full charset | v8#Qz!dR2mWp@9sL | 105 bits | forever | forever |
| 20-char full charset | (generated above) | 131 bits | forever | forever |
| 3-word passphrase | correct-horse-battery | 38 bits | ~45 min | ~320 days |
| 4-word passphrase | correct-horse-battery-staple | 51 bits | ~6 hrs | ~380 yrs |
| 5-word passphrase | five random EFF words | 64 bits | ~1,800 yrs | forever |
| 6-word passphrase | six random EFF words | 77 bits | forever | forever |
Tries words from wordlists. Cracks most real-world passwords in seconds. "p@ssw0rd" is cracked instantly.
Pre-computed hash-to-password lookup tables. Defeated by salted hashes — modern systems always salt.
Tries every combination systematically. Always works eventually — length and charset size determine how long.
Uses leaked username/password pairs from other breaches. Unique passwords per site completely defeat this.
From MIT's time-sharing terminals to cryptographic passkeys — the story of how we prove who we are to computers.
The Compatible Time-Sharing System at MIT introduces the first computer passwords. Users are assigned personal passwords to protect their private files on a shared mainframe. Simple, plaintext — but a foundational idea that has lasted 60+ years.
Ken Thompson and Dennis Ritchie create the Unix /etc/passwd system. Instead of storing passwords in plaintext, they are hashed using crypt() — a one-way function based on DES. A huge leap: even system administrators cannot read users' passwords. The shadow password file separates hashes from world-readable user data.
Robert Morris Sr. and Ken Thompson publish the first major study of real-world password cracking. Analyzing actual Unix passwords, they discover most users choose short, predictable, or dictionary-word passwords. Their findings launch the field of password security research and introduce the concept of proactive password strength checking.
Robert Morris Jr. releases one of the first internet worms. It spreads partly by exploiting weak passwords and default credentials, infecting thousands of Unix machines across the early internet. A watershed moment: it demonstrated that password weakness is not just a theoretical concern but an active, large-scale attack vector.
Tools like Alec Muffett's Crack and L0phtCrack emerge, making dictionary and brute-force attacks practical on consumer hardware. MD5 becomes widely used for password hashing — fast by design, which turns out to be a fatal flaw. The security community begins debating the inadequacy of MD5 and DES-crypt for password storage.
The concept of precomputed hash chains is refined into what Philippe Oechslin names "rainbow tables" in 2003. By trading storage for speed, rainbow tables can reverse common password hashes in seconds. This attack is defeated only by proper salting — adding a unique random value to each password before hashing — which becomes standard practice.
Designed by Niels Provos and David Mazières in 1999, bcrypt is built to be intentionally slow — an adjustable cost factor means it stays resistant to brute force even as hardware improves. By the mid-2000s, bcrypt gains wide adoption as the gold standard for password hashing. The first dedicated password manager applications also appear around this time.
Social app RockYou stores 32 million passwords in plaintext. When breached, the dump reveals that "123456" is the single most common password, followed by "12345", "123456789", and "password". This dataset becomes the foundational wordlist for nearly every password cracking tool since. It ignites the modern password strength movement and public awareness of credential hygiene.
Argon2 wins the Password Hashing Competition in 2015 — designed to be resistant to GPU and ASIC attacks by requiring large amounts of memory in addition to computation time. In 2017, NIST publishes SP 800-63B, overturning decades of bad advice: stop forcing complex rules, stop mandatory 90-day rotations, check passwords against breach databases, and prioritize length over arbitrary complexity.
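The four SP 800-63B points listed above translate directly into an acceptance check. The following is an added example, not the page's code or NIST's: the 8/64-character bounds, NFKC normalization before measuring, and the blocklist comparison follow the guidance, while the breach list is a constructed stand-in for a real breach corpus and the case-insensitive comparison is this example's own choice.

```javascript
// Added example, not the page's code: a password acceptance check shaped by the
// SP 800-63B points the page lists. BREACHED_STANDIN is a constructed stand-in;
// a real deployment checks against a breach corpus.
const BREACHED_STANDIN = new Set(["123456", "12345", "123456789", "password", "p@ssw0rd"]);

function checkPassword(candidate, { minLength = 8, maxLength = 64, breached = BREACHED_STANDIN } = {}) {
  const problems = [];
  // Normalize first so visually identical strings are measured and compared the same way.
  const normalized = candidate.normalize("NFKC");
  const length = [...normalized].length; // count code points, not UTF-16 units
  if (length < minLength) problems.push(`fewer than ${minLength} characters`);
  if (length > maxLength) problems.push(`more than ${maxLength} characters`);
  // Case-insensitive list compare is this example's choice, not part of the standard.
  if (breached.has(normalized.toLowerCase())) problems.push("found in breach list");
  if (/^(.)\1*$/u.test(normalized)) problems.push("single repeated character");
  // Deliberately absent: composition rules (forced symbol/digit/upper) and expiry
  // dates, the two practices the 2017 guidance dropped.
  return { accepted: problems.length === 0, problems };
}

if (typeof require !== "undefined" && require.main === module) {
  for (const p of ["p@ssw0rd", "monkey", "aaaaaaaa", "correct-horse-battery-staple"]) {
    console.log(JSON.stringify(p), checkPassword(p));
  }
}
```

Note that this is a floor, not a strength score: "Monkey12" passes because it is eight characters and not on the list, which is exactly why the guidance pairs the blocklist with encouraging longer passwords rather than with more rules.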
FIDO2 and WebAuthn define a new authentication model based on public-key cryptography. The private key never leaves the user's device; the server stores only a public key. No shared secret means no breach database, no phishing, and no credential stuffing. Apple, Google, and Microsoft ship passkey support across their platforms. The password era may finally be drawing to a close.
Co-created Unix and the /etc/passwd hashed password system. Co-authored the first major study of password cracking in 1979.
NSA cryptographer and Bell Labs researcher. Co-authored "Password Security: A Case History" — the paper that launched password security as a discipline.
Designed bcrypt (with David Mazières) in 1999. Pioneered the concept of an adaptive cost factor that keeps password hashing resistant to faster hardware over time.
Formalized and popularized rainbow tables in 2003, demonstrating how time-memory trade-off attacks can crack unsalted password hashes at massive scale.