Generate a Strong Password

What Makes a Password Strong?

A strong password is one that is practically impossible to guess through brute-force attacks, dictionary attacks, or social engineering. Three factors determine password strength: length, character diversity, and randomness.

Length

Length is the single most important factor. Each additional character multiplies the number of possible combinations exponentially. A 12-character password using the full ASCII printable set (~95 characters) has:

95^12 = 5.4 x 10^23 possible combinations

Compare that to an 8-character password:

95^8 = 6.6 x 10^15 possible combinations

The 12-character password is roughly 80 million times harder to crack.

Character Diversity

Using all four character classes maximizes the keyspace:

• Uppercase letters (A-Z): 26 characters
• Lowercase letters (a-z): 26 characters
• Digits (0-9): 10 characters
• Special characters (!@#$%^&*...): ~33 characters

A password using only lowercase letters draws from 26 characters per position. Adding all classes increases that to 95 characters per position — a massive improvement.

Randomness (Entropy)

True randomness means no patterns, no dictionary words, no personal information. Human-chosen passwords tend to follow predictable patterns (Password1!, Summer2024!). A cryptographically secure random number generator (CSPRNG) eliminates this bias entirely.

Entropy Calculation

Password entropy is measured in bits:

Entropy = log2(C^L)

Where C is the character pool size and L is the password length. A strong password should have at least 60 bits of entropy, though 80+ bits is recommended for sensitive accounts.

Practical Recommendations

• Use 12 characters minimum for general accounts
• Use 16+ characters for high-security accounts (banking, email, password managers)
• Enable all character classes unless the service restricts them
• Never reuse passwords across services