Secure Password Generator

Passwords are secret character strings that gate access to accounts and data, and their strength depends on length, variety of symbols, and how predictable the pattern is. A stronger password resists guessing for longer so the practical goal is a string that balances memorability with high resistance to automated attacks.

You choose the length and which types of characters to include, then create a candidate and review two quick signals of quality. An entropy estimate summarizes how many bits of unpredictability the selection carries, and a separate strength score reflects common pattern weaknesses found by a strength estimator.

Results update as options change so you can test short and long strings and see the effect of including uppercase letters, lowercase letters, numbers, and symbols. You may also exclude lookalike characters to avoid slips when reading or typing, and you can allow only unique characters if you prefer no repeats.

A realistic example is a 12 character mix with lookalikes removed that shows about 77.1 bits of entropy and an estimated crack time around 517 k years at ten billion guesses per second. Treat these as guides rather than promises and avoid reusing the same password across services.

Technical Details:

The measurable quantities are password length and the active character pool size. From these, an information measure in bits is computed to summarize unpredictability, and a separate strength score from a heuristic estimator maps to five labels that range from Very Weak to Strong. Estimates reflect snapshot difficulty against blind guessing rather than targeted attacks.

Entropy in bits is modeled as length times the base two logarithm of the active pool size, which assumes uniform independent selection from the chosen characters. A crack time is then estimated by dividing the total number of combinations by a fixed guess rate and expressing the result as hours, days, years, or thousands of years.

Interpretation follows two tracks. Higher bit counts indicate more possibilities, and the score label summarizes recognizable patterns that reduce practical strength. Values near boundaries should be read cautiously because a small change in length or pool size can shift the label while only modestly changing overall resistance.

Comparisons are meaningful only when options are held constant. Removing lookalike characters reduces the pool but can reduce user error. Enabling unique characters samples without replacement until the pool is exhausted, then restarts, which keeps variety high for typical lengths well below the pool size.

\begin{array}{lll} H & = & L \cdot log 2_{} (N) \\ C & = & N^{L} \\ t_\sec & = & \frac{C}{g} \\ t_yr & = & \frac{t}{31,557,600} \end{array}

Symbols and units used in formulas
Symbol	Meaning	Unit/Datatype	Source
L	Password length	integer	Input
N	Active character pool size	integer	Derived from options
H	Entropy	bits	Computed
C	Total combinations	count	Computed
g	Guess rate	10¹⁰ guesses/s	Constant
t	Crack time estimate	seconds, days, or years	Computed

Worked example

Options: uppercase, lowercase, numbers, symbols enabled; lookalikes excluded; length L = 12. Pool size N = 86. Entropy H = 12 × log₂(86) ≈ 77.1 bits.

\begin{array}{lll} H & \approx & 12 \cdot log 2_{} (86) = 77.1 bits \\ t_yr & \approx & \frac{86^{12}}{10 10^{}} \div 31,557,600 \approx 517.0 k yrs \end{array}

Interpretation: with these settings, blind guessing is impractical; changing length or pool membership adjusts both estimates directly.

Strength score labels
Score	Label	Progress indicator
0	Very Weak	20 %
1	Weak	40 %
2	Fair	60 %
3	Good	80 %
4	Strong	100 %

Character sets: uppercase A–Z, lowercase a–z, digits 0–9, and a 30 symbol set.
Lookalike filter removes 0, o, O, 1, l, I when enabled.
Unique characters samples without replacement until the pool empties, then the pool resets.

Units, precision & rounding

Decimal separator is a dot. Entropy displays one decimal place. Crack time shows thousands of years with one decimal and whole years, days, or hours otherwise. Strength progress advances in fixed 20 % steps.

Validation & bounds

Input validation and limits
Field	Type	Min	Max	Step/Pattern	Error Text	Placeholder
Length	Number	1	100	Integer	None	None
Uppercase	Checkbox	—	—	Boolean	None	None
Lowercase	Checkbox	—	—	Boolean	None	None
Number	Checkbox	—	—	Boolean	None	None
Symbol	Checkbox	—	—	Boolean	None	None
Exclude ambiguous	Checkbox	—	—	Boolean	None	None
Unique characters	Checkbox	—	—	Boolean	None	None

I/O behavior

Copy places the current password on the clipboard.
Download saves a one line text file with a trailing newline.
History keeps the last 20 generated passwords in memory.

Randomness, sampling & reproducibility

Characters are chosen uniformly from the active pool.
Unique mode avoids repeats until every pool character is used.
Outputs vary for the same settings because a pseudorandom source drives selection.

Privacy & compliance

No data is transmitted or stored server‑side; generation, strength estimation, and file or clipboard actions occur in the browser.

Step‑by‑Step Guide

Password strength and estimated resistance are produced from your chosen length and character pool.

Set Length to your target number of characters.
Enable character types you want to allow.
Turn on Exclude ambiguous to avoid lookalikes if desired.
Toggle Unique characters to prevent repeats within one pool cycle.
Generate and review the entropy, score label, and crack time.
Adjust options and regenerate until the result fits your policy.

Example: Length 16 with letters, numbers, and symbols, ambiguous excluded, yields a high entropy result with a Strong label.

When satisfied, copy the password or download a text copy for your password manager.

FAQ

Is my data stored?

Clipboard and files are created locally. No. Generation, evaluation, and copying happen in the browser. Nothing is sent to a server.

How accurate is the entropy?

It assumes each character is chosen uniformly from the active pool. Real strength can be lower if human patterns appear.

What does the score label mean?

It summarizes common weaknesses such as dictionary words or predictable patterns. Strong indicates better resistance than Fair or Good.

Which characters are excluded as ambiguous?

Zero, lowercase o, uppercase O, digit one, lowercase l, and uppercase I are removed when the option is enabled.

Can I prevent repeated characters?

Yes. Unique characters avoids repeats until the pool is exhausted. If length exceeds the pool, repeats can occur afterward.

Does this work without a network?

Yes. Once the page is loaded, generation and strength evaluation continue entirely in the browser.

How do I make a 16 character password without symbols?

Set length to 16, enable letters and numbers, disable symbols, then generate and review the estimates.

What if the progress bar stays low?

Increase length or add more character types. Excluding lookalikes reduces the pool slightly and may lower the estimate.

Troubleshooting

Copy does nothing: check clipboard permissions and try again.
Download does nothing: allow downloads and retry.
No password appears: ensure at least one character type is enabled.
Strength never changes: verify options and regenerate after each change.
Entropy shows zero: a disabled pool leaves no characters to choose.
Tabs do not switch: select the tab again to refresh the panel.

All character types disabled leaves the pool empty. Enable at least one type before generating.

Advanced Tips

Tip Prefer longer passphrases if you need memorability; use a manager to store random strings.
Tip Keep settings consistent when comparing strength across options.
Tip Exclude lookalikes for strings you will read aloud or type from print.
Tip Unique characters help variety for short to medium lengths.
Tip Increase length first before adding more character types if websites ban symbols.
Tip Do not reuse passwords; a manager can generate different ones per site.

Glossary

Entropy (bits): Amount of unpredictability under a uniform model.
Character pool: The set of symbols allowed for selection.
Guess rate: Assumed speed of attempts used to estimate time.
Lookalike characters: Visually similar symbols like 0 and O that cause slips.
Unique characters: Sampling without replacement until the pool resets.
Strength score: Heuristic label for common pattern weaknesses.