filemarkr
All ToolsGuides
filemarkr

60+ free developer tools that run entirely in your browser — JSON formatter, JWT decoder, Base64, diff checker, regex tester, hash generator and more. No upload, no sign-up, completely private.

JSON & Data

  • JSON Formatter
  • JSON Minifier
  • JSON Validator
  • JSON to CSV
  • CSV to JSON
  • JSON to YAML

Encode & Decode

  • Base64 Encode / Decode
  • Base64 to Image
  • Image to Base64
  • URL Encode / Decode
  • HTML Entity Encoder
  • JWT Decoder

Text Tools

  • Text Diff Checker
  • Case Converter
  • Word & Character Counter
  • Slug Generator
  • Remove Duplicate Lines
  • Sort Text Lines

Generators

  • UUID Generator
  • Password Generator
  • Lorem Ipsum Generator
  • QR Code Generator
  • Random Number Generator
  • NanoID Generator

Popular Guides

  • How to Format and Pretty-Print JSON (Without Breaking It)
  • How to Minify JSON and Shrink Your API Payloads
  • How to Validate JSON and Pinpoint the Exact Syntax Error
  • How to Convert JSON to CSV for Excel and Google Sheets
  • How to Convert CSV to JSON (With Proper Header Detection)
  • All guides →

Explore

  • All Tools
  • JSON Formatter
  • JWT Decoder
  • Diff Checker
  • UUID Generator

Company

  • About
  • Privacy
  • Terms
  • Sitemap

Our Promise

  • 100% in your browser
  • Zero uploads
  • No sign-up, always free

© 2026 filemarkr. Designed & developed by Naved Naik.  All processing happens locally in your browser.

All guides

Generators

How to Generate Strong Random Passwords (and What Actually Makes One Strong)

Learn what makes a password strong, how entropy really works, and how to generate secure random passwords in your browser with full control.

Try the toolPassword Generator →

The problem with the passwords humans invent

Left to our own devices, we pick terrible passwords. We reuse a favorite across a dozen sites, swap an o for a 0, and tack a ! on the end because a form told us to. Attackers know these patterns better than we do. Modern credential-stuffing and offline cracking tools try billions of guesses, seeded with leaked password dumps and every predictable substitution you can think of. The only reliable defense is a password that contains no pattern at all: one generated at random.

What actually makes a password strong

Strength comes down to one measurable thing: entropy, measured in bits. Entropy is the base-2 logarithm of the number of possible passwords an attacker would have to search. For a randomly generated password it is calculated as:

entropy = length × log2(alphabet_size)

The size of the alphabet depends on which character sets you include:

  • Lowercase only: 26 characters → ~4.7 bits per character
  • Lowercase + uppercase + digits: 62 characters → ~5.95 bits
  • Add symbols (~32 more): ~94 characters → ~6.55 bits

So a 16-character password drawn from the full 94-character set carries about 16 × 6.55 ≈ 105 bits of entropy. Anything above roughly 80 bits is impractical to brute-force with today's hardware. Crucially, this math only holds if the characters are chosen uniformly at random by a cryptographically secure source such as the browser's crypto.getRandomValues(). A password you thought up yourself has far less real entropy than its length suggests, because your brain is not a random source.

A practical walkthrough

Open the Password Generator. Everything runs locally in your browser, so no password ever touches a network. Here is a sensible workflow:

  1. Set the length to 16 or higher. Length buys more entropy per character than any single toggle.
  2. Enable uppercase, lowercase, numbers, and symbols to maximize the alphabet.
  3. Watch the strength meter update as you adjust options.
  4. Copy the result straight into your password manager.

To see why length dominates, compare the entropy of two configurations in a quick script:

function entropyBits(length, alphabet) {
  return Math.round(length * Math.log2(alphabet));
}

entropyBits(12, 94); // 79  bits  -- borderline
entropyBits(16, 94); // 105 bits  -- strong
entropyBits(20, 62); // 119 bits  -- strong even without symbols

Notice the last line: a longer password with no symbols beats a shorter one with them. If a site forbids special characters, just add a few more characters instead.

Common pitfalls

  • Confusing complexity rules with strength. "At least one number and one symbol" nudges you toward Password1!, which is weak. Randomness matters more than satisfying a checklist.
  • Reusing passwords. A strong password used on ten sites becomes as weak as the least secure of those sites. Generate a unique one per account.
  • Excluding ambiguous characters unnecessarily. Removing l, 1, O, 0 improves readability if you must type by hand, but shrinks the alphabet. Only do it when you will actually transcribe the password.
  • Not using a manager. A 105-bit password is useless if you write it on a sticky note. Store it where you never have to memorize it.

Related tools

If you are generating identifiers rather than secrets, reach for the UUID Generator or the NanoID Generator instead. And if you need to store a password hash server-side, the Bcrypt Generator shows how salted hashing works.

Conclusion

A strong password is simply a long string of truly random characters, and the fastest way to get one is to let a cryptographically secure generator build it. Aim for 16+ characters, include as many character sets as the site allows, generate a fresh one for every account, and let a password manager remember them all. Do that and you have removed one of the most common ways accounts get compromised.

More guides

How to Format and Pretty-Print JSON (Without Breaking It)

Read

How to Minify JSON and Shrink Your API Payloads

Read

How to Validate JSON and Pinpoint the Exact Syntax Error

Read

How to Convert JSON to CSV for Excel and Google Sheets

Read