Skip to main content
SplitGenius
SplitGenius
AI-PoweredDecision ToolsFree — No sign-up

Password Generator

A 12-character password with mixed types has 79 bits of entropy and would take centuries to brute-force. A 16-character one is 10,000x harder. Set your length, toggle character types on or off, exclude ambiguous characters for readability, and generate up to 50 passwords at once. Every result shows the strength rating and estimated crack time so you know exactly how secure it is.

By SplitGenius TeamUpdated February 2026

A 16-character password with uppercase, lowercase, numbers, and symbols has 105 bits of entropy and would take billions of years to crack by brute force. Generate strong, random passwords instantly with custom length and character options.

Password Length

16
4326496128

Character Types

ABCDEFGHIJKLMNOPQRSTUVWXYZ

abcdefghijklmnopqrstuvwxyz

0123456789

!@#$%^&*()_+-=[]{}|;:,.<>?

Removes I, l, 1, O, 0, o, S, 5, Z, 2, B, 8 for easier reading

1 to 50 passwords at once

How This Calculator Works

1

Enter Your Details

Fill in amounts, people, and preferences. Takes under 30 seconds.

2

Get Fair Results

See an instant breakdown with data-driven calculations and Fairness Scores.

3

Share & Settle

Copy a shareable link to discuss results with everyone involved.

Frequently Asked Questions

People Also Calculate

Random Number

Generate random numbers in any range with controls for quantity, decimal places, and duplicate prevention. Summary stats included.

Characters

Count characters, words, sentences, and paragraphs in real time. See reading time (238 WPM), speaking time (150 WPM), and platform limits.

Color

Convert any color between HEX, RGB, and HSL with live previews. Get complementary, analogous, and triadic harmony suggestions automatically.

Base Converter

Convert between binary, octal, decimal, and hex instantly. Enter a number in any base and see all four representations side by side.

Percentage

Three modes: what is X% of Y, percentage change between two numbers, and what percent X is of Y. Every answer shows the formula.

Unit Converter

Convert length, weight, volume, temperature, area, speed, time, and data units instantly. See the formula and all common equivalents at once.

Rent vs Buy

At 7% mortgage rates, buying isn't automatically smarter than renting. Compare true costs over 1-30 years including equity, taxes, maintenance, and opportunity cost.

Net Effective Rent

A $3,000/mo apartment with 2 months free actually costs $2,500/mo. Convert any concession package into the real monthly cost and compare up to 10 apartments.

Renters Insurance

Renters insurance runs $15-30/mo for $30K in coverage. Estimate your premium, compare individual vs. joint roommate policies, and find the smarter option.

Explore 182+ Free Calculators

Split rent, bills, tips, trips, wedding costs, childcare, and more.

Browse All Calculators

Password Security Best Practices

The single most effective thing you can do for account security: use a unique, randomly generated password for every account. Reusing passwords is the #1 cause of account breaches. When one site gets hacked, attackers try those credentials everywhere else — a technique called credential stuffing.

Here are the rules that actually matter, based on current research and NIST guidelines:

  • Minimum 12 characters, ideally 16+. Length beats complexity. A 16-character lowercase-only password (entropy: 75 bits) is harder to crack than an 8-character password with every character type (entropy: 52 bits).
  • Use a password manager. 1Password, Bitwarden, or Apple Keychain. Generate and store a unique password for every account. You only need to memorize one master password.
  • Enable two-factor authentication (2FA). Even a strong password can be phished. 2FA with an authenticator app (not SMS) adds a second layer that survives credential theft.
  • Never share passwords over email or text. Use your password manager's secure sharing feature, or share through an encrypted channel.
  • Stop changing passwords on a schedule. NIST SP 800-63B explicitly recommends against forced periodic changes. Change passwords only when you suspect compromise.

How Password Entropy Works

Entropy measures the randomness (unpredictability) of a password in bits. The formula is simple: entropy = length × log²(pool size). A password using 95 printable ASCII characters (26 uppercase + 26 lowercase + 10 digits + 33 symbols) at 16 characters long has 16 × 6.57 = 105 bits of entropy.

Each additional bit of entropy doubles the number of possible passwords. A 60-bit password has 2&sup6;&sup0; (about 1.15 quintillion) possible combinations. At 10 billion guesses per second — a realistic rate for modern GPU-based attacks — that takes roughly 36 years to exhaust. At 105 bits, the time exceeds the age of the universe.

Entropy Thresholds

Entropy (bits)StrengthExampleCrack Time (10B guesses/sec)
< 28Weak4-char numeric PINInstant
28 – 35Fair6-char lowercaseSeconds to minutes
36 – 59Strong10-char mixed case + numbersHours to years
60+Very Strong16-char all character typesMillions to billions of years

NIST Password Guidelines (SP 800-63B)

The National Institute of Standards and Technology updated its password recommendations in 2024 with significant changes from older guidelines. The key takeaways for individuals:

  • Minimum 8 characters, recommended 15+. NIST sets the floor at 8, but acknowledges longer is significantly better. Service providers should support up to at least 64 characters.
  • No composition rules required. Forcing uppercase + number + symbol leads to predictable patterns like "Password1!". Let users choose any characters they want — length matters more than forced complexity.
  • No periodic password changes. Mandatory rotation causes users to make minimal, predictable changes (Password1 → Password2). Change only when there is evidence of compromise.
  • Screen against breached password lists. Before accepting a new password, check it against known breached password databases (like Have I Been Pwned). A "strong" password that appears in a breach list is worthless.
  • Allow paste into password fields. Blocking paste prevents password managers from filling credentials, which discourages their use. Always allow paste.

Character Pool Size by Type

Characters IncludedPool SizeBits per Character12-char Entropy
Lowercase only (a-z)264.7056.4 bits
Lower + upper (a-zA-Z)525.7068.4 bits
Lower + upper + digits625.9571.5 bits
All types + symbols886.4677.5 bits
All printable ASCII956.5778.8 bits

Common Password Attacks

  • Brute force: Try every possible combination. Entropy determines how long this takes. A truly random 16-character mixed password is immune to brute force with current technology.
  • Dictionary attacks: Try common words, names, and known passwords. "Sunshine2024!" feels strong but appears in breach lists. Random generation avoids this entirely.
  • Credential stuffing: Reuse stolen username/password pairs from one breach on other sites. Unique passwords per site neutralize this attack completely.
  • Phishing: Trick users into entering passwords on fake sites. No password strength protects against this — use 2FA and verify URLs before entering credentials.
  • Rainbow tables: Precomputed hash lookups for common passwords. Proper salting by services defeats this, but random passwords add defense in depth.

When to Exclude Ambiguous Characters

Characters like I, l, 1, O, and 0 look identical in many monospace fonts. Exclude them when you need to read a password aloud, type it manually from a screen, or share it on paper (Wi-Fi passwords, temporary access codes). For passwords stored in a password manager, keep ambiguous characters — they increase the character pool and entropy.

Need a random number for a raffle, lottery pick, or simulation? Use our random number generator for quick, unbiased number selection with customizable range and count.