The Short Answer
Strong
- 7$Kp9!mQv2nLxR4wT8z
- correct-horse-battery-staple-71
Long, unpredictable, generated by a CSPRNG or chosen via Diceware.
Weak
- P@ssw0rd2026!
- Summer1989#
Predictable substitutions and dates. Cracked in seconds by any modern wordlist attack.
Length Matters More Than Symbols
NIST SP 800-63B — the U.S. government's digital identity guideline — explicitly tells administrators to drop forced character-class rules ("must contain uppercase, lowercase, digit, symbol") and instead require a minimum length of 8 characters, with 15+ recommended for high-value accounts. The reasoning is mathematical, not philosophical.
An attacker doesn't guess passwords character by character. They run rule-based attacks against leaked wordlists. P@ssw0rd! is one rule-substitution away from password, which appears in every wordlist on Earth. A 20-character random string of just lowercase letters has roughly the same entropy as a 12-character mixed-case + symbol string — but it's also less likely to be in any rulelist.
The math: doubling the length of a random password squares the search space. Adding one symbol class only multiplies it by a constant. Length wins, every time.
What Is Password Entropy?
Entropy is a measure of unpredictability, expressed in bits. The formula for a password drawn uniformly from a charset is:
bits = length * log2(charset_size)
// Examples
// 8 chars, lowercase only (26): 8 * log2(26) = 37.6 bits
// 12 chars, mixed alphanumeric (62): 12 * log2(62) = 71.5 bits
// 16 chars, full ASCII (95): 16 * log2(95) = 105.1 bits
// 20 chars, lowercase only (26): 20 * log2(26) = 94.0 bitsModern GPU rigs can compute roughly 1 trillion (10^12) hash guesses per second against an unsalted MD5. Against bcrypt with cost 12, the same hardware drops to about 10,000 guesses/sec. The table below assumes the attacker has the hash and is offline-cracking against a fast unsalted hash:
| Entropy | Combinations | Crack time @ 1T/sec |
|---|---|---|
| 40 bits | 1.1 × 10^12 | ~1 second |
| 60 bits | 1.2 × 10^18 | ~13 days |
| 80 bits | 1.2 × 10^24 | ~38,000 years |
| 100 bits | 1.3 × 10^30 | ~40 billion years |
| 128 bits | 3.4 × 10^38 | heat death of universe |
Aim for at least 80 bits for personal accounts and 128 bits for anything protecting money, secrets, or other people's data.
The "Strong" Password Theatre
P@ssw0rd! looks strong to a human and to a regex-based password-strength meter. It contains uppercase, lowercase, a digit, a symbol, and is 9 characters. A naïve calculation gives it 9 × log2(95) ≈ 59 bits.
Reality: every cracker knows the substitutions a → @, o → 0, i → 1, e → 3, s → $, leading capital, trailing punctuation. Hashcat's best64.rule applies all of these in milliseconds. The effective entropy of P@ssw0rd! against a real attacker is closer to 15 bits — under a second to crack.
The strength meter on the signup form was lying to you. It measured surface complexity, not unpredictability.
Passphrases vs Passwords
A passphrase is a sequence of unrelated words drawn from a list — the canonical method is Diceware, where you roll five dice per word against a 7,776-word list. Each word adds log2(7776) ≈ 12.9 bits. Six Diceware words give roughly 77 bits, which is plenty for almost any threat model.
The famous XKCD #936 example, correcthorsebatterystaple, is a four-word passphrase worth about 44 bits if the attacker knows you used Diceware. Easy to type, easy to remember, easy to dictate over the phone — but only if you generate the words randomly. Don't pick a sentence from a book.
| Method | Length | Entropy | Memorable? |
|---|---|---|---|
| Random ASCII | 16 | 105 bits | No |
| Diceware ×6 | ~28 chars | 77 bits | Yes |
| Diceware ×8 | ~36 chars | 103 bits | Yes (with effort) |
| Random alnum | 22 | 131 bits | No |
Why You Need a Password Manager
Memorizing a unique 16-character random password for every site is impossible. Reusing one strong password across sites is a single-breach catastrophe. The only sane answer in 2026 is a password manager.
Browser built-in
Free, integrated, sync via your account. Weakness: locked into one ecosystem, no shared vaults, limited audit features.
1Password
Polished UX, family/team plans, secret-key extra factor. Paid subscription. Best for non-technical households.
Bitwarden
Open source, free tier covers most personal use, self-hostable. Best for engineers who want to read the source.
Whichever you pick, enable a strong master password (Diceware ×6 minimum) and a hardware second factor (YubiKey or platform passkey). The master password is the one secret you actually have to remember.
Generating Strong Passwords Programmatically
If you're building a tool, never use Math.random() for password generation — it's deterministic and predictable. Always use a CSPRNG. In a browser or Node.js, that's crypto.getRandomValues:
function generatePassword(length = 20) {
const charset =
'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
'abcdefghijklmnopqrstuvwxyz' +
'0123456789' +
'!@#$%^&*()-_=+[]{};:,.<>?';
// 95 chars; we want unbiased indices in [0, 95)
// Use rejection sampling to avoid modulo bias
const max = 256 - (256 % charset.length); // 190
const bytes = new Uint8Array(length * 2); // oversample
crypto.getRandomValues(bytes);
let out = '';
let i = 0;
while (out.length < length) {
if (i >= bytes.length) {
crypto.getRandomValues(bytes);
i = 0;
}
if (bytes[i] < max) {
out += charset[bytes[i] % charset.length];
}
i++;
}
return out;
}
console.log(generatePassword(20));
// e.g. "7$Kp9!mQv2nLxR4wT8z."The rejection-sampling step matters: a naïve bytes[i] % 95 would slightly favor the first 66 characters of the charset because 256 is not divisible by 95. Over a 20-character password the bias is small, but in cryptographic code "small bias" is "wrong."
Common Password Mistakes
Generate a strong password now
Cryptographically secure, configurable length and charset, never leaves your browser.