Documentation
How to use this tool, practical use cases, and technical notes.
The Advanced Password Generator is designed to be usable in under 2 minutes for a standard strong password, and under 10 minutes for a fully configured, policy-tuned batch. Here is a complete step-by-step guide.
Step 1 — Set Your Password Length
The Password Length slider defaults to 16 characters, which is the current industry baseline for strong passwords. Adjust this based on your use case:
Use Case | Recommended Length | Approximate Entropy (Full Pool) |
|---|---|---|
Low-risk accounts (forums, newsletters) | 12 characters | ~78 bits |
Standard accounts (email, social) | 16 characters | ~105 bits |
High-value accounts (banking, SSO) | 20 characters | ~131 bits |
Service account / API credentials | 24 characters | ~157 bits |
Master password / password manager | 28–32 characters | ~184–210 bits |
Encryption key material (pre-hash) | 32+ characters | ~210+ bits |
Rule of thumb: Every additional character multiplies the search space by the size of your character pool. With a 94-character pool, adding one character makes the password ~94× harder to brute-force.
Step 2 — Set the Generation Count
The Generate Count field controls how many passwords are produced in a single batch. Best practice is to generate 3–5 passwords and select the one that:
Has the highest entropy score (displayed alongside the password)
Passes a mental "typability" check if the password will ever need to be typed manually
Does not accidentally resemble a dictionary word or common pattern
Generating multiple passwords and selecting the strongest one effectively raises your practical security floor without changing any settings.
Step 3 — Configure Character Sets
Toggle the four character set checkboxes based on your requirements:
Toggle | Effect on Password | When to Enable |
|---|---|---|
Uppercase (A–Z) | Adds 26 characters to pool | Almost always — required by most policies |
Lowercase (a–z) | Adds 26 characters to pool | Always — highest frequency characters |
Numbers (0–9) | Adds 10 characters to pool | Almost always — required by most policies |
Symbols (!@#$%^&*) | Adds ~32 characters to pool | Enable for maximum entropy; check if system accepts all symbols |
⚠️ Important: Some systems (legacy applications, certain databases, SSH key files) have restrictions on which symbol characters they accept in passwords. If you encounter authentication errors after setting a symbol-containing password, check the system's accepted character list and use the "Exclude Characters" field in Advanced Settings to remove problematic symbols.
Step 4 — Enable "Exclude Similar Characters"
Toggling Exclude Similar (il1Lo0O) removes the following visually ambiguous characters from the pool:
Character | Ambiguous With |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When to use: Enable this when the password might ever need to be read from a screen and typed manually — e.g., printed credentials, phone-read passwords, or temporary credentials handed to users. This reduces your pool by ~7 characters but dramatically reduces transcription errors.
When to skip it: For passwords stored and pasted exclusively from a password manager, similar character exclusion provides no benefit and marginally reduces entropy.
Step 5 — Configure Advanced Settings
Expand the Advanced Settings panel to access custom rules and the character exclusion list.
Custom Rules
Rule | What It Prevents | Example of Prevented Pattern |
|---|---|---|
No Consecutive Characters | Three or more identical characters in a row |
|
No Common Patterns | Keyboard walks and known weak sequences |
|
No Repeating Pairs | Alternating two-character sequences |
|
Balanced Symbols | Guarantees at least one symbol character | Prevents all-alphanumeric output when symbols are enabled |
Mixed Case Required | Guarantees both uppercase and lowercase | Prevents all-uppercase or all-lowercase output |
Recommendation: Enable all five rules for maximum policy compliance and to eliminate the small probability that a CSPRNG-generated password accidentally contains a weak pattern.
Performance note: Enabling multiple custom rules causes the generator to retry candidate passwords until all rules are satisfied. This is imperceptible for lengths up to 32 characters but may add a small delay for very short passwords with strict rules.
Exclude Specific Characters
The Exclude Characters text field lets you remove any specific character from the pool. Common use cases:
Exclusion Scenario | Characters to Exclude |
|---|---|
MySQL password fields (quote issues) |
|
Shell scripts (variable expansion) |
|
Windows CMD environment |
|
URL query parameters |
|
PostgreSQL connection strings |
|
JSON configuration files |
|
Mainframe / legacy COBOL systems | Most symbols — restrict to |
Step 6 — Generate and Review
Click Generate Passwords. For each generated password, review:
The password string — the credential itself
Entropy score — bits of entropy; aim for 80+ bits minimum
Time to crack estimate — how long brute-force would take at various attack speeds
Strength rating — a qualitative label (Weak / Moderate / Strong / Very Strong / Exceptional)
Step 7 — Copy and Use
Click the copy button adjacent to your selected password. Best practices for handling the password after copying:
Paste immediately into your password manager, vault, or target system
Do not paste into a notes app, email, or chat window
Clear your clipboard after use (most OSes: copy a blank character or a meaningless string)
On macOS, use
pbcopy /dev/nullor a clipboard manager with auto-clearOn Windows,
echo off | clipclears the clipboard from the command line
The Advanced Password Generator is designed to be usable in under 2 minutes for a standard strong password, and under 10 minutes for a fully configured, policy-tuned batch. Here is a complete step-by-step guide.
Step 1 — Set Your Password Length
The Password Length slider defaults to 16 characters, which is the current industry baseline for strong passwords. Adjust this based on your use case:
Use Case | Recommended Length | Approximate Entropy (Full Pool) |
|---|---|---|
Low-risk accounts (forums, newsletters) | 12 characters | ~78 bits |
Standard accounts (email, social) | 16 characters | ~105 bits |
High-value accounts (banking, SSO) | 20 characters | ~131 bits |
Service account / API credentials | 24 characters | ~157 bits |
Master password / password manager | 28–32 characters | ~184–210 bits |
Encryption key material (pre-hash) | 32+ characters | ~210+ bits |
Rule of thumb: Every additional character multiplies the search space by the size of your character pool. With a 94-character pool, adding one character makes the password ~94× harder to brute-force.
Step 2 — Set the Generation Count
The Generate Count field controls how many passwords are produced in a single batch. Best practice is to generate 3–5 passwords and select the one that:
Has the highest entropy score (displayed alongside the password)
Passes a mental "typability" check if the password will ever need to be typed manually
Does not accidentally resemble a dictionary word or common pattern
Generating multiple passwords and selecting the strongest one effectively raises your practical security floor without changing any settings.
Step 3 — Configure Character Sets
Toggle the four character set checkboxes based on your requirements:
Toggle | Effect on Password | When to Enable |
|---|---|---|
Uppercase (A–Z) | Adds 26 characters to pool | Almost always — required by most policies |
Lowercase (a–z) | Adds 26 characters to pool | Always — highest frequency characters |
Numbers (0–9) | Adds 10 characters to pool | Almost always — required by most policies |
Symbols (!@#$%^&*) | Adds ~32 characters to pool | Enable for maximum entropy; check if system accepts all symbols |
⚠️ Important: Some systems (legacy applications, certain databases, SSH key files) have restrictions on which symbol characters they accept in passwords. If you encounter authentication errors after setting a symbol-containing password, check the system's accepted character list and use the "Exclude Characters" field in Advanced Settings to remove problematic symbols.
Step 4 — Enable "Exclude Similar Characters"
Toggling Exclude Similar (il1Lo0O) removes the following visually ambiguous characters from the pool:
Character | Ambiguous With |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When to use: Enable this when the password might ever need to be read from a screen and typed manually — e.g., printed credentials, phone-read passwords, or temporary credentials handed to users. This reduces your pool by ~7 characters but dramatically reduces transcription errors.
When to skip it: For passwords stored and pasted exclusively from a password manager, similar character exclusion provides no benefit and marginally reduces entropy.
Step 5 — Configure Advanced Settings
Expand the Advanced Settings panel to access custom rules and the character exclusion list.
Custom Rules
Rule | What It Prevents | Example of Prevented Pattern |
|---|---|---|
No Consecutive Characters | Three or more identical characters in a row |
|
No Common Patterns | Keyboard walks and known weak sequences |
|
No Repeating Pairs | Alternating two-character sequences |
|
Balanced Symbols | Guarantees at least one symbol character | Prevents all-alphanumeric output when symbols are enabled |
Mixed Case Required | Guarantees both uppercase and lowercase | Prevents all-uppercase or all-lowercase output |
Recommendation: Enable all five rules for maximum policy compliance and to eliminate the small probability that a CSPRNG-generated password accidentally contains a weak pattern.
Performance note: Enabling multiple custom rules causes the generator to retry candidate passwords until all rules are satisfied. This is imperceptible for lengths up to 32 characters but may add a small delay for very short passwords with strict rules.
Exclude Specific Characters
The Exclude Characters text field lets you remove any specific character from the pool. Common use cases:
Exclusion Scenario | Characters to Exclude |
|---|---|
MySQL password fields (quote issues) |
|
Shell scripts (variable expansion) |
|
Windows CMD environment |
|
URL query parameters |
|
PostgreSQL connection strings |
|
JSON configuration files |
|
Mainframe / legacy COBOL systems | Most symbols — restrict to |
Step 6 — Generate and Review
Click Generate Passwords. For each generated password, review:
The password string — the credential itself
Entropy score — bits of entropy; aim for 80+ bits minimum
Time to crack estimate — how long brute-force would take at various attack speeds
Strength rating — a qualitative label (Weak / Moderate / Strong / Very Strong / Exceptional)
Step 7 — Copy and Use
Click the copy button adjacent to your selected password. Best practices for handling the password after copying:
Paste immediately into your password manager, vault, or target system
Do not paste into a notes app, email, or chat window
Clear your clipboard after use (most OSes: copy a blank character or a meaningless string)
On macOS, use
pbcopy /dev/nullor a clipboard manager with auto-clearOn Windows,
echo off | clipclears the clipboard from the command line