2026-06-04 · 5 min read
- security
- password
Strong passwords are long, random, and unique per site. A generator removes human bias—no birthdays, no keyboard walks. Client-side generation means the candidate password never transits to a server during creation.
Length beats complexity theater
A 16+ character random password from a broad alphabet beats an 8-character password with forced symbols. Entropy grows linearly with length.
- Use 16–24 characters for user accounts
- Use 32+ for API keys and machine secrets
- Include upper, lower, digits, and symbols when the site allows
After generation
Store passwords in a reputable password manager—not a text file, not a Slack DM. Rotate credentials when vendors disclose breaches. Never reuse production passwords in staging.