What makes a strong password?

NIST SP 800-63B: length beats complexity. A random 16+ character password with mixed types is excellent. Minimum 12 chars, not a dictionary word, unique per site, randomly generated.

Is this password generator safe to use?

Yes. We use crypto.getRandomValues() (browser cryptographic API), not Math.random(). Passwords never leave your browser, are never stored and never transmitted.

Should I use a password manager?

Yes, strongly recommended. Average person has 100+ accounts. Bitwarden (free, open source) or 1Password (paid) store unique passwords for every site so you remember only one master password.

Lösenordsgenerator — Strong, Secure & Instant

Lösenordsgeneratorn skapar kryptografiskt slumpmässiga lösenord i valfri längd — med versaler, gemener, siffror och specialtecken efter önskemål. Till skillnad från mänskligt valda lösenord innehåller algoritmiskt genererade lösenord inga förutsägbara mönster, vilket gör dem mycket bättre skyddade mot brute-force-attacker.

Entropin (säkerheten) för ett lösenord växer exponentiellt med längden och teckenuppsättningen. Ett 12-tecken lösenord med alla teckentyper har ungefär 72 bits entropi — praktiskt taget omöjligt att knäcka vid online-attacker. NCSC rekommenderar minst 12 tecken för vanliga konton och 20 eller fler för kritiska system. Använd ett unikt, slumpmässigt lösenord för varje konto. Kontrollera styrkan med vår Lösenordsstyrke-kontroll. Gratis, utan registrering.

What makes a password truly strong?

The NIST Special Publication 800-63B (2017) fundamentally changed how security professionals think about password strength. The old paradigm — mandatory complexity rules like "must include uppercase, number and symbol" — turns out to be counterproductive because it leads to predictable patterns (Password1!, Summer2024!). NIST's updated guidance: length matters more than complexity. A 20-character passphrase of random words ("coffee-mountain-river-lamp-27") is far stronger than an 8-character "complex" password and vastly easier to remember. Our generator uses a cryptographically secure random number generator (CSPRNG) — not JavaScript's regular Math.random() which is not cryptographically secure — to generate genuinely unpredictable passwords.

Why you need a different password for every site

Data breaches expose billions of credentials annually. When a site is breached, attackers immediately use the stolen username/password pairs to attempt logins on every major service — a technique called credential stuffing. If you reuse passwords, a breach at one minor site can unlock your email, banking and social accounts. Use a password manager (Bitwarden, 1Password, KeePass) to generate and store unique passwords for every service. After generating your password here, check its strength with our Password Strength Checker.

Lösenordsgenerator

What makes a password truly strong?

Why you need a different password for every site

❓Vanliga frågor

Vanliga frågor