Strong Password Generator — Entropy & Crack Time Analysis
Strong passwords & passphrases — instantly, offline, free
Real security metrics — not just a colour bar. See exact entropy in bits, a Weak/Fair/Strong/Very Strong rating, crack time at 10 billion guesses per second (GPU cluster), and actionable tips to improve weak passwords instantly.
Frequently Asked Questions
How is password strength calculated?
Based on Shannon entropy: log2(pool_size) × length. Pool size = active character sets (lowercase 26, uppercase 26, numbers 10, symbols 32).
What does crack time mean?
Assumes offline brute-force at 10 billion guesses/sec — realistic speed for a high-end GPU cluster using hashcat. Online attacks are far slower (10–1000/sec with rate limiting).
When is a password rated "Very Strong"?
Requires 80+ bits entropy — typically 14+ characters with all four character sets, or a 6-word passphrase.
What improvement tips are shown?
Tips are shown per failing criterion: use 8+/12+ characters, add uppercase, add numbers, add symbols, avoid repeating characters.
Is 60 bits of entropy enough?
60 bits (Strong) = ~36 years to crack offline at 10B/sec. Excellent for most accounts. For banking or email, aim for 80+ bits (Very Strong).