How the password is built
Each character set you tick is added to one pool of allowed characters. The generator then picks characters from that pool at random until it reaches the length you asked for.
The strength label comes from entropy, an estimate of how many guesses an attacker would need. It is calculated as the length multiplied by log2 of the pool size, so both a longer password and a wider character set push the rating higher.
- More character sets means a larger pool and more entropy per character.
- Adding length is usually the cheapest way to raise strength.
Reading the strength rating
The label moves from Weak to Fair, Strong and Very strong as the estimated entropy grows. These bands are a rough guide, not a guarantee.
- Weak: easy to crack quickly, fine only for throwaway use.
- Strong or Very strong: a sensible target for accounts that matter.
- If a site rejects symbols, compensate by making the password longer.
Choosing good options
For most accounts a length of 16 or more with at least three character sets gives plenty of margin. Turn on symbols where the site allows them, since they widen the pool noticeably.
- Use a unique password for every account so one leak cannot spread.
- Avoid swapping random output for something memorable, which lowers entropy.
Staying secure
A strong password only helps if you store and use it safely. Save generated passwords in a reputable password manager rather than a notes file or browser autofill alone, and never reuse the same password across sites.
Where a service offers it, add two-factor authentication so a stolen password is not enough on its own.
Formula
entropy ≈ length × log2(charsetSize)Frequently asked questions
- Is the password stored anywhere?
- No. It is generated on the spot and never saved. Refreshing or recomputing produces a new one.