Trình tạo mật khẩu
Generate cryptographically secure random passwords.
What Makes a Password Strong?
Password strength is measured in entropy — the number of possible combinations an attacker would need to try. More entropy = harder to crack.
- Length matters most. Each additional character multiplies the number of possible combinations exponentially. A 16-character password is billions of times stronger than an 8-character one.
- Character variety helps. Using uppercase, lowercase, numbers, and symbols increases the pool size from 26 (lowercase only) to 89+ characters.
- Randomness is critical. "P@ssw0rd123!" looks complex but is easily guessable. True random generation (like this tool uses) is much stronger.
This generator uses the Web Crypto API (crypto.getRandomValues) — the same cryptographic random number generator used by banks and security software. It runs entirely in your browser.
Password Best Practices
Never reuse passwords. If one site is breached, attackers try the same password on every other site (credential stuffing). Unique passwords limit the damage.
Use a password manager. Tools like Bitwarden (free, open source), 1Password, or KeePass generate and store unique passwords for every account.
Enable 2FA everywhere. Even a strong password can be phished. Two-factor authentication adds a second layer. Try our 2FA Code Generator to test your setup.
Check for breaches. Services like Have I Been Pwned tell you if your email appeared in known data breaches.
FAQ
Is this password generator secure?
Yes. Passwords are generated entirely in your browser using the Web Crypto API. No passwords are ever sent to any server.
How long should my password be?
At least 12 characters for most accounts. For sensitive accounts like banking or email, use 16+ characters with all character types enabled.
Should I use a password manager?
Yes. Use a password manager like Bitwarden, 1Password, or KeePass to store unique passwords for every account. Never reuse passwords.