Skip to main content
February 14, 2026 · numbers · 2 min read

How to Generate Strong Passwords Online

A short, practical guide to picking passwords that resist modern attacks — what length, what character classes, and what to skip.

What makes a password "strong" in 2026

Password strength comes down to one thing: entropy — how many guesses an attacker would have to try, on average, to find yours. Entropy depends on:

  • Length. Each extra character multiplies the search space.
  • Character set. Lowercase only is 26 options per slot. Adding uppercase, digits, and symbols pushes that toward 90+.
  • Randomness. "P@ssw0rd!" looks complex but appears in every cracking dictionary. A truly random string of the same length is millions of times harder to crack.

Modern guidance from NIST is essentially: make it long, make it random, and don't reuse it.

A working baseline

For accounts you actually care about:

  • 16+ characters for general-purpose passwords.
  • 20+ characters for password manager master passwords and email accounts.
  • Mix of lowercase, uppercase, digits, and at least one symbol — unless the site refuses symbols, in which case lean harder on length.

What to avoid

  • Dictionary words and substitutions like Tr0ub4dor. Cracking tools have been doing those substitutions since the 90s.
  • Personal info — birthdates, pet names, anything someone could pull off your public profiles.
  • Reuse. One leaked site shouldn't compromise five others. Use a password manager.

Where the generator fits

A good password generator gives you cryptographically random output at the length and character set you specify, so the only step you're responsible for is storing it safely — in a password manager, not a sticky note.

Use the Password Generator to produce one now. Pick 20 characters with mixed case, digits, and symbols, then save it directly to your password manager.

A few generators that pair well with the topics above: