Password Generator Guide: Creating Truly Random Passwords
How password generators work, why random is better than memorable, and how to use them with a password manager.
Why Human-Created Passwords Are Weak
The human brain is terrible at creating truly random passwords. We unconsciously follow patterns — starting with capital letters, ending with numbers, substituting @ for a, 3 for e, 0 for o. These patterns are known to attackers. Every dictionary attack wordlist includes variations like P@ssw0rd, S3cur3, @dm1n, and thousands of similar substitutions.
A password must be unguessable. Truly unguessable means truly random — which only a computer can reliably generate.
How Password Generators Work
A password generator uses a cryptographically secure random number generator (CSPRNG) to select characters from your specified character set. The randomness comes from hardware entropy sources (mouse movements, network timing, keystroke timing) combined with cryptographic algorithms. The result is statistically unpredictable even if an attacker knows the generator software.
Step by Step: Lazyblink Password Generator
Password Length Guide
12 characters: Minimum for standard accounts
16 characters: Recommended for most accounts
20 characters: Recommended for email, banking, cloud storage
24+ characters: For password manager master password and critical infrastructure
Every additional character multiplies the time to crack by the number of possible characters (95 for full ASCII printable). 16 characters at full character set: 10^31 possible combinations.
Storing Generated Passwords
Generated passwords are impossible to memorize — that is the point. Use a password manager:
Bitwarden (free, open source): Generates AND stores passwords. Browser extension auto-fills.
1Password ($3/month): Excellent UX, generates and stores.
Apple Keychain (free): Built into iOS and Mac. Good for Apple ecosystem.
Google Password Manager (free): Built into Chrome. Cross-platform.
Your password manager master password should be a long passphrase you can memorize — four or more random unrelated words.
Frequently asked questions
Should I use a password generator?
Yes — human-created passwords follow predictable patterns that attackers exploit. A password generator creates truly random passwords that are statistically unguessable.
How long should a generated password be?
Minimum 12 characters, recommended 16 characters for most accounts, 20+ characters for critical accounts like email and banking.
Put this guide into practice with our free online tool — no signup required.
Open tool