2 min read
How to Create a Strong Random Password
What actually makes a password strong, why uniqueness beats cleverness, and how local generation keeps passwords private.
The three properties that matter
Strong passwords have exactly three properties: length (each added character multiplies the search space), randomness (generated by a machine, not composed from words, dates, and substitutions humans reuse), and uniqueness (never shared between accounts). A 16-character random password with mixed character sets is beyond practical brute force.
Uniqueness deserves emphasis because it addresses the most common real attack: credential stuffing, where a password leaked from one site is tried on every other. The strongest password in the world protects nothing if it's reused on a site that gets breached.
Generating one safely
A well-built browser generator uses the Web Crypto API — the operating system's cryptographically secure random source — and runs entirely on your device, so the password never crosses a network. You can verify this property yourself: load the page, disconnect from the internet, and generate.
- 1Open the Password Generator.
- 2Set length to 16+ (20+ for high-value accounts).
- 3Enable all character sets; enable 'exclude ambiguous' only if you'll read the password aloud or type it from paper.
- 4Generate, copy, and save it directly into a password manager.
Where passphrases fit
For the handful of passwords you must memorize — a password manager's master password, disk encryption — a random passphrase of five or six words is easier to type and remember while remaining extremely strong. For everything else, random character strings stored in a manager are the practical choice.
Frequently asked questions
Are password strength meters accurate?
They're estimates of entropy, good for catching obviously weak choices. A meter can't know if a password is reused or already leaked — uniqueness is on you.
How often should I change passwords?
Current guidance: change on evidence of compromise, not on a schedule. Forced rotation nudges people toward weaker, patterned passwords.
Tools mentioned in this guide
Keep reading