Password Security Best Practices
What Makes a Password Strong?
Length is the single most important factor: each additional character multiplies the number of possible combinations, so the search space grows exponentially with length. A 16-character password with mixed types has more entropy than a short password with symbols. Aim for at least 12–16 characters for important accounts.
Use a Password Manager
You don't need to memorize strong passwords — use a password manager like Bitwarden (free), 1Password, or Dashlane. Generate a unique strong password for every account and let the manager store it. Only memorize your master password.
Enable Two-Factor Authentication (2FA)
A strong password + 2FA is far more secure than any password alone. Enable 2FA on all critical accounts (email, banking, social media). Use an authenticator app (Google Authenticator, Authy) rather than SMS for stronger protection.
Frequently Asked Questions
Are generated passwords saved anywhere?
No. All passwords are generated using your browser's built-in cryptographic random number generator (crypto.getRandomValues). Nothing is sent to any server. Closing the tab permanently removes all generated passwords.
What is password entropy?
Entropy measures the unpredictability of a password in bits. Higher entropy = harder to crack. A 128-bit entropy password would take longer than the age of the universe to crack with current hardware. Aim for 80+ bits minimum for important accounts.
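The two answers above (generation with crypto.getRandomValues, and entropy in bits) can be put together in one sketch. This is an added example, not this site's own code; the character sets and the function names randomIndex, generatePassword, entropyBits and minLengthFor are assumptions chosen for illustration.

```javascript
// Added example: unbiased password generation plus an entropy estimate.
// Browsers expose crypto globally; the fallback covers older Node.js runtimes.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Constructed sample character sets (85 characters in total).
const CHARSETS = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!@#$%^&*()-_=+[]{};:,.?",
};

// Uniform integer in [0, n) by rejection sampling. A plain `byte % n`
// over-represents low indexes whenever 256 is not a multiple of n.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError("n must be 1..256");
  const limit = 256 - (256 % n); // largest multiple of n that fits in one byte
  const buf = new Uint8Array(1);
  for (;;) {
    webCrypto.getRandomValues(buf);
    if (buf[0] < limit) return buf[0] % n; // discard the biased tail and redraw
  }
}

function generatePassword(length, alphabet) {
  const chars = [...new Set(alphabet)]; // duplicate characters would skew the odds
  if (chars.length < 2) throw new RangeError("alphabet needs at least 2 distinct characters");
  let out = "";
  for (let i = 0; i < length; i++) out += chars[randomIndex(chars.length)];
  return out;
}

// Entropy in bits of a password drawn uniformly at random:
// length * log2(alphabet size). It does not apply to human-chosen passwords.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Shortest length that reaches a target entropy for a given alphabet size.
function minLengthFor(targetBits, alphabetSize) {
  return Math.ceil(targetBits / Math.log2(alphabetSize));
}
```

With these sets, 8 characters drawn from all 85 symbols give about 51 bits, while 16 letters and digits give about 95 bits, which is the length-over-symbols point made at the top of the page.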
How often should I change passwords?
Modern security guidance (NIST 2017+) no longer recommends mandatory periodic password changes. Change your password when: there's a breach, you suspect compromise, or you've shared it with someone. Focus on using unique strong passwords per site rather than frequent rotation.