How to generate a strong password (and what makes one weak)
A strong password is one that's hard to guess or crack. But "hard" doesn't mean lots of symbols and numbers jumbled together — it means entropy: enough random length that even a fast computer checking billions of combinations would take centuries. The simplest way to get there is to use a local password generator, which ensures randomness comes from cryptography, not a predictable algorithm.
What makes a password weak
Most passwords are weak because they're based on something memorable: a name, a date, a word with a capital and a number at the end. If a password is based on a pattern — a real word, a birthday, a phrase — a modern attacker's first tool is a dictionary of those patterns, not brute force. Even MyDog2024! looks random to a human but cracks instantly because it follows the most common password recipe.
The second killer: reuse. If you use the same password on ten sites and one of those sites is breached, all ten accounts fall. Many people have no idea how many "password dump" databases are public and searchable online.
Length matters more than special characters
A common myth: passwords need mixed case, numbers, and symbols to be secure. In reality, length is what matters. A 16-character password of lowercase letters only has far more entropy — and is far harder to crack — than an 8-character password with every special character. Here's why: each added character multiplies the search space. An 8-character password of only lowercase has 26^8 possibilities (about 200 million). A 16-character lowercase password has 26^16 (about 43 quadrillion).
That's why many security experts now recommend passphrases — sequences of random words — over traditional "complex" passwords. They're easier to remember and far stronger.
Passphrases: the Diceware approach
A passphrase is just a sequence of random words. The classic example is "correct-horse-battery-staple": four random words, 20+ characters, absurdly strong, and not that hard to remember. You can generate random passphrases with the Passphrase generator, which builds them from a list of common English words. Five words from a list of 1,000 gives you more entropy than a 20-character random string of mixed case and symbols.
If you need a traditional password — symbols, mixed case, numbers — use the Password generator instead. But for most accounts, a phrase is stronger and more practical.
Stop reusing passwords
The single best habit is: one password per site. If you are reusing passwords, you are living on borrowed time. Once one site leaks, your other accounts are exposed. A strong password is only as good as the weakest site that uses it. To check whether any of your passwords have been exposed in a known breach, use the Password strength checker — paste a password (only you see it; nothing leaves your browser) and it will tell you if it appears in public breach databases.
PINs and numeric passwords
Some systems require only digits — ATMs, phone PIN codes, certain locks. The same entropy principle applies: longer is stronger. A 4-digit PIN has only 10,000 possibilities, which is crackable in milliseconds. A 6-digit PIN is better (1 million possibilities); an 8-digit PIN is solid (100 million). If you need a random numeric code, the PIN generator creates them instantly.
Why generate locally
Never trust a password generator on someone else's server. Even if it's well-intentioned, you can't verify that it's using real randomness or that it's not logging what it generates. TextArray tools run entirely in your browser — there is no server, no upload, no log. The password generator uses your browser's crypto.getRandomValues, which is genuinely random, not Math.random, which is predictable and never acceptable for security. Once the page loads, everything works offline. You can confirm it yourself by closing your internet connection and generating another password.
A strong password starts with real randomness, enough length to have real entropy, and the discipline to use a different one everywhere. Let the browser do the hard work.