How long should my password be?

At minimum 12 characters, but 16+ is recommended. Each additional character exponentially increases the time needed to crack the password. A 16-character password with mixed characters would take trillions of years to brute-force.

What is a passphrase?

A passphrase is a password made of random words, like 'correct-horse-battery-staple'. Passphrases are easier to remember than random character strings while being equally secure due to their length.

Are passphrases more secure than passwords?

A 4-word passphrase has comparable entropy to a 12-character random password. Passphrases are more practical because they are easier to type and remember, which means users are less likely to reuse them.

How is password strength calculated?

Password strength is measured in bits of entropy. Higher entropy means more possible combinations. A 12-character password using uppercase, lowercase, numbers, and symbols has about 79 bits of entropy.

How long would it take to crack my password?

The FlipMyCase Password Generator shows estimated crack time at 10 billion guesses per second. A 12-character mixed password takes thousands of years. An 8-character lowercase-only password takes seconds.

Is this generator actually random?

Yes. It uses your browser's crypto.getRandomValues() API, which is a cryptographically secure random number generator. No server is involved and no passwords are stored or transmitted.

Password Generator — Strong Passwords, Passphrases, and PINs

Weak passwords are the number one cause of account breaches. The FlipMyCase Password Generator creates cryptographically secure passwords, memorable passphrases, and numeric PINs — all in your browser using your device's secure random number generator.

How to Use the Password Generator

Open the FlipMyCase Password Generator.
Choose your mode: Password, Passphrase, or PIN.
Adjust settings (length, character types, word count).
Copy your generated password.
See the strength meter and crack time estimate.

Three Modes

Random Passwords

Classic random character strings. Customize length (4-128 characters) and character sets: uppercase, lowercase, numbers, and symbols. Exclude ambiguous characters like 0, O, l, and 1 for readability.

Best for: Online accounts, API keys, database passwords.

Passphrases

Random words separated by a chosen delimiter. Based on a 1,296-word list (EFF-style), with options to capitalize words and add a number. A 4-word passphrase like "basket-lunar-fossil-crane" has approximately 41 bits of entropy.

Best for: Master passwords, WiFi passwords, passwords you need to type from memory.

PINs

Cryptographically random numeric codes in lengths of 4, 6, 8, 10, or 12 digits. Unlike your birthday or phone number, these are truly random and unpredictable.

Best for: Phone lock screens, banking PINs, two-factor backup codes.

Password Strength Guide

| Length | Characters | Entropy | Crack Time* | |---|---|---|---| | 8 | lowercase only | 38 bits | Instant | | 8 | mixed + symbols | 53 bits | 2 hours | | 12 | lowercase only | 56 bits | 1 day | | 12 | mixed + symbols | 79 bits | 6 million years | | 16 | mixed + symbols | 105 bits | Trillions of years | | 20 | mixed + symbols | 131 bits | Heat death of universe |

*At 10 billion guesses per second

What Makes a Password Strong

Three factors determine password strength:

Length: The most important factor. Each additional character multiplies the possible combinations.
Character variety: Using uppercase, lowercase, numbers, and symbols increases the pool of possible characters from 26 to 95.
Randomness: Human-chosen passwords follow patterns that attackers know. Machine-generated randomness has no patterns.

Common Password Mistakes

Using personal information (birthdays, pet names, addresses)
Adding predictable numbers to the end ("password123")
Substituting letters with obvious symbols ("p@ssw0rd")
Reusing the same password across multiple sites
Using short passwords even with complex characters

All of these patterns are in attacker dictionaries. A truly random password avoids all of them.

Why Passphrases Work

The famous XKCD comic illustrated this: "correct horse battery staple" is both easier to remember and harder to crack than "Tr0ub4dor&3". The math is simple — four random words from a 1,296-word list give you 1,296^4 = 2.8 trillion combinations. That is comparable to a 12-character random password, but you can actually remember it.

Security Notes

The generator runs entirely in your browser using crypto.getRandomValues()
No passwords are sent to any server
No passwords are stored or logged
Close the tab and the passwords are gone
For maximum security, use a password manager to store your generated passwords