# How to Generate a Secure Password

> Generate strong, random passwords with customizable length and character options. Create passwords that meet any security requirement.

- URL: https://www.browserutils.dev/how-to/generate-password
- Published: 2026-04-15
- Updated: 2026-03-16

---

## Step 1: Set the password length

Choose a password length of at least 12 characters. Longer passwords are exponentially harder to crack, with 16 or more characters recommended.

## Step 2: Select character types

Enable or disable uppercase letters, lowercase letters, numbers, and special characters based on the requirements of the service you are creating the password for.

## Step 3: Exclude ambiguous characters

Optionally exclude characters that look similar, such as 0 and O or l and 1, to avoid confusion when typing the password manually.

## Step 4: Generate and copy

Click generate to create a random password, then copy it to your clipboard. Generate multiple passwords if you need to pick one you prefer.

Every data breach report tells the same story: weak and reused passwords are the easiest way in. Whether you are setting up a new database, creating a service account, or registering for yet another SaaS tool, the [password generator](/tools/password-generator) produces cryptographically random passwords that are genuinely difficult to crack.

## Why this matters: password entropy

Password strength is measured in **bits of entropy**: each additional bit doubles the number of guesses an attacker has to try in a brute-force attack. A password with 40 bits of entropy has about one trillion possible combinations. That sounds like a lot, but modern GPUs can test billions of hashes per second. For real security, you want at least 70-80 bits of entropy.

**Length beats complexity.** A 20-character password using only lowercase letters has more entropy than an 8-character password using uppercase, lowercase, numbers, and symbols. This is because the number of possible passwords grows exponentially with length, so entropy grows in direct proportion to it. The math is straightforward: `entropy = length * log2(character_pool_size)`. Doubling the length doubles the entropy, but doubling the character pool only adds one bit per character.

That said, many systems impose specific rules, such as "must include at least one uppercase letter and one symbol." The generator lets you toggle these character classes on or off so the output meets whatever policy you are dealing with, even if the policy is not particularly well designed.
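The four steps above and the entropy formula, as an added JavaScript example (not the browserutils.dev tool's own code). The symbol set, the ambiguous-character list and all function names are assumptions made for illustration.

```javascript
// Added example: not the source of the browserutils.dev generator.
const cryptoApi = globalThis.crypto ?? require("node:crypto").webcrypto;

// Constructed character sets; real password policies may allow other symbols.
const CLASSES = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digits: "0123456789",
  symbols: "!@#$%^&*()-_=+[]{};:,.?",
};
const AMBIGUOUS = new Set("0O1lI"); // look-alike characters (assumed list)

// Uniform integer in [0, n) via rejection sampling; a bare `% n` would be biased.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { cryptoApi.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Steps 2 and 3: one pool per enabled class, minus ambiguous characters.
function buildPools({ upper = true, lower = true, digits = true, symbols = true, excludeAmbiguous = false } = {}) {
  const enabled = { upper, lower, digits, symbols };
  const pools = Object.keys(CLASSES).filter((k) => enabled[k])
    .map((k) => [...CLASSES[k]].filter((c) => !(excludeAmbiguous && AMBIGUOUS.has(c))));
  if (pools.length === 0) throw new Error("enable at least one character class");
  return pools;
}

// Steps 1 and 4: generate a password of the chosen length.
function generatePassword(length = 16, options = {}) {
  const pools = buildPools(options);
  if (length < pools.length) throw new Error("length too short for the enabled classes");
  const all = pools.flat();
  // One character per enabled class satisfies "at least one of each" policies.
  const chars = pools.map((p) => p[randomIndex(p.length)]);
  while (chars.length < length) chars.push(all[randomIndex(all.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit at the front.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomIndex(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// entropy = length * log2(pool size); an upper bound, since the per-class guarantee trims it slightly.
function entropyBits(length, options = {}) {
  return length * Math.log2(buildPools(options).flat().length);
}
```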

## Tips and best practices

- **Use a password manager.** Generating a strong password is only half the problem. If you cannot remember it (and you should not try to remember a random 20-character string), store it in a password manager like 1Password, Bitwarden, or KeePass.
- **Aim for 16 characters or more.** Twelve characters is the minimum for reasonable security. Sixteen or more gives you a comfortable margin against future improvements in cracking hardware.
- **Never reuse passwords.** A unique password for every account means that a breach at one service does not compromise your other accounts. The generator makes it trivial to create a fresh password each time.
- **Use passphrases for memorizable passwords.** When you need to type a password from memory, such as your device login, consider a passphrase of four or five random words instead. The entropy is comparable to a shorter random string but far easier to recall.
- **Rotate credentials for shared or service accounts.** If multiple people know a password, change it when anyone leaves the team. Automate rotation for service accounts wherever possible.

## Common issues

- **Site rejects the generated password:** Some services have outdated maximum length limits (often 16 or 20 characters) or disallow certain special characters. Reduce the length or disable specific character types in the generator to comply.
- **Password looks the same as the last one:** The generator uses cryptographic randomness, so duplicates are astronomically unlikely. If the output appears unchanged, make sure you clicked the generate button again rather than re-copying the previous result.
- **Clipboard clears before you paste:** Some password managers and operating systems clear the clipboard after a timeout for security. Paste the password immediately after copying, or generate it again if needed.