Free Password Generator — Passphrase & Strength Checker

Generate strong random passwords, create memorable passphrases, or check how strong your existing password is — all free. 1Password charges for this.

Runs in your browser
Strength: Very WeakEntropy: 0 bits
16

A password generator, passphrase maker, and strength checker in one

Three tools share one screen. The Password tab builds a strong random password from 6 to 64 characters using any mix of uppercase, lowercase, digits, and symbols. The Passphrase tab strings together 3–7 random words into something memorable — the “correct horse battery staple” idea. The Strength Checker reads out the entropy, an estimated crack time, and a list of weaknesses for a password you already use. Everything happens inside your browser tab: nothing you generate or paste is ever sent to a server, which is why the checker keeps working even with your Wi-Fi switched off.

The randomness is the part that quietly matters most. Each character and each word is drawn with the Web Crypto API’s crypto.getRandomValues() — a cryptographically secure generator — rather than Math.random(), whose output can be reconstructed by an attacker who sees enough of it. A generator is only as strong as its source of chance, and this one uses the good source.

How long would it take to crack your password?

The table below assumes the worst realistic case: an attacker who has stolen a hashed password database and is grinding through it offline at about one billion guesses per second. The times are the average (expected) point at which a brute-force attack stumbles onto the right value — roughly half the keyspace. Two things move the needle: length and the size of the character pool. A 16-character password using all four character types carries about 105 bits of entropy; the same length in lowercase only is a fraction of that.

LengthLowercase only (a–z)All four types (upper, lower, digits, symbols)
8 characters~2 minutes~35 days
12 characters~1.5 years~7.5 million years
16 characters~700,000 years~590 trillion years
20 characters~300 billion years~4.6 × 10²² years

Treat these as orders of magnitude, not promises. The real guess rate is set by how the site stored the password. A slow, salted hash like bcrypt or Argon2 can throttle an attacker down to a few thousand guesses a second; a fast, unsalted hash such as MD5 or NTLM lets a GPU rig run at a hundred billion or more per second, which collapses the shorter and lowercase rows especially. If you want to see what those hash functions actually look like, our MD5 and SHA-256 hash generator shows the fingerprint a site stores instead of your plain password.

Online vs offline attacks — and why NIST stopped forcing complexity

The Strength Checker reports two very different crack times because there are two very different attacks. An online attack guesses against a live login form, so it is throttled by rate limits, lockouts, and multi-factor prompts — the tool models this at roughly 10 guesses per second, and at that pace even a mediocre password survives for years. An offline attack assumes the attacker already dumped the hashed database in a breach and is cracking it locally, which is where the billion-per-second figure comes from. The offline number is the honest one to design around, because you rarely find out a database leaked until it is already circulating.

This is also why modern guidance flipped. The current NIST SP 800-63B digital identity guidelines lean on length over complexity: they recommend supporting long passwords and passphrases (at least 64 characters), allowing every printable character and spaces, and letting people paste from a password manager. They explicitly advise against mandatory composition rules (“must contain an uppercase letter, a number, and a symbol”) and against forced periodic rotation unless there is evidence of compromise. The reasoning is behavioural: when people are forced to add a symbol they type Password1!, and when they are forced to rotate they type Password2!. NIST would rather you pick one long, unique credential and keep it. Screening new passwords against known-breach lists does far more good than any complexity rule.

Common password mistakes (and which ones the checker catches)

Keyboard walks
Patterns like qwerty, asdfgh, and 1qaz2wsx look random but trace a straight line on the keyboard, so they sit near the top of every cracking wordlist. The checker flags common sequences like 123 and qwerty directly.
Leetspeak on a dictionary word
Turning password into P@ssw0rd feels clever, but cracking tools apply those exact substitutions automatically — the swap adds almost no real entropy. A random string or a genuine passphrase beats any decorated word.
Appending a year or an exclamation mark
Tacking 2024 or ! onto the end to satisfy a complexity rule is the first thing attackers try, so Summer2024! is barely stronger than Summer. Length from more random material helps; a predictable suffix does not.
Reusing one password everywhere
A single breach turns into a master key. In a credential-stuffing attack, the leaked email-and-password pair is replayed against hundreds of other sites automatically. A unique password per account contains the damage to one login.
Building it from personal facts
A name, birthday, pet, or favourite team is often a public fact or a quick guess for someone who knows you. Randomness has to come from a source an attacker cannot look up.

Passphrases, Diceware, and why word count beats a clever word

The Passphrase tab draws random words from a built-in list, joins them with a separator you choose (hyphen, underscore, dot, space, or nothing), and can optionally capitalise each word or append a number. Because the words themselves are common, the result is easy to remember and fast to type — the classic answer to “strong but human-memorable.” The strength lives entirely in the random selection, not in the words being obscure.

That principle is Diceware. In the method popularised by the Electronic Frontier Foundation, each word is chosen at random from a numbered list, and the entropy per word is simply the base-2 logarithm of the list size. The EFF long wordlist has 7,776 words, so every word contributes about 12.9 bits — six words land near 77 bits, which is comfortably uncrackable offline. The security comes from the fact that the list is public and the choice is random; keeping the words secret adds nothing you can measure.

The practical lever is word count. Each extra word multiplies the number of guesses an attacker needs, so a made-up but short phrase is weaker than a longer random one, and “obscurity” — a weird sentence you invented — can’t be scored because it usually isn’t truly random. For a login you have to memorise, such as a device password or a password-manager master password, add words rather than clever punctuation: push the slider to six or seven and you buy real, quantifiable strength.

When this tool isn’t the whole answer

It generates and it analyses — it does not store. There is no vault here, so pair it with a real password manager (Bitwarden, 1Password, Dashlane, and KeePass are common choices) to keep a unique password for every account without memorising any of them. The Strength Checker is a heuristic too: it scores entropy and flags obvious patterns, but it cannot know whether your exact password has already surfaced in a breach. For that, a service like Have I Been Pwned checks a password against known leaks — and NIST specifically recommends screening against those lists.

One more limit worth naming: a strong password can’t save you from handing it to the wrong site. If a login page arrives by email or a link looks off, confirm where it really goes before you type anything — you can paste a suspicious link into our URL explainer that flags shady links first. And if a service ever emails you your own password in plain text or blocks you from pasting one, treat that as a signal about how carelessly they store it.

Frequently asked questions

Yes. Every character and every passphrase word is drawn with the Web Crypto API’s crypto.getRandomValues(), the browser’s cryptographically secure random generator, not the predictable Math.random(). It all runs locally in your browser tab — nothing is generated on or sent to a server.

Yes. The checker analyses your password entirely in your browser using JavaScript — it is never transmitted or stored anywhere. You can disconnect from the internet and it still works.

At least 12 characters for everyday accounts and 16 or more for email, banking, server and admin logins, and password-manager master passwords. Length is the biggest lever: as the crack-time table shows, each extra character multiplies the number of guesses an attacker needs.

Use a random password for the many accounts your password manager remembers for you — you never have to type it. Use a passphrase for the few credentials a human must memorise, like a device login or the manager’s own master password, where being memorable matters.

Entropy in bits is the password length multiplied by log2 of the character-pool size (lowercase adds 26, uppercase 26, digits 10, symbols roughly 32). The crack time is derived from that entropy at two rates: about 10 guesses per second for a rate-limited online login, and one billion per second for an offline attack on a stolen hash.

Yes. This tool creates strong, unique passwords but deliberately does not store them. A password manager saves and autofills a different password for every site, which is what actually defeats credential-stuffing attacks after a breach.

From Our Blog

Related Tools