Password length 20

43264128

Count

Character sets

A–Z Uppercase a–z Lowercase 0–9 Numbers !@# Symbols

Exclude ambiguous characters (0, O, l, 1, I) At least 1 of each selected set

Entropy / strength

—

What makes a strong password?

Password entropy — the real measure of strength

A password's strength is measured in bits of entropy — a mathematical measure of how unpredictable it is. Each bit of entropy doubles the number of guesses an attacker needs to try. A 20-character password using all character sets (uppercase, lowercase, numbers, symbols) has roughly 130 bits of entropy, making brute-force attacks computationally infeasible even with the most powerful hardware available today.

Length matters more than complexity. A 20-character lowercase-only password is far harder to crack than an 8-character password with special characters. The best strategy is to use both: long passwords with a diverse character set. This generator uses the browser's crypto.getRandomValues() API to ensure cryptographically secure randomness — the same quality of randomness used in encryption keys.

Password best practices

Use at least 16 characters — preferably 20+
Never reuse a password across different sites
Store passwords in a trusted password manager
Enable 2FA on every account that supports it

100% private & client-side

Uses crypto.getRandomValues() — CSPRNG
Zero data transmitted to any server
Same randomness quality as encryption keys
Works offline after initial page load

How to use this tool

Drag the slider to set your desired length
Toggle character sets and optional filters
Click Generate — results appear instantly
Copy all to clipboard or download as .txt

Entropy guide

<40 bits — Very weak, avoid
40–60 bits — Moderate, acceptable for low-risk
60–100 bits — Strong, suitable for most accounts
100+ bits — Very strong, recommended