This site will hash your password with scrypt, the username, the site's name and your password for salt(to make it harder to guess). It will generate by default a 14 character
psuedo-random password that will always be the same for the same inputs(what you entered), changing one letter in any
of the boxes will change everything. Thus the entire thing is case sensitive.
To just score the passwrd you entered witout generating one just click the "Score Password" button.
You can change the length by changing the "Output Length" option
to make it the length of the password the maximum that you require. You can also disable the special character that is added onto the end if the site that you're using doesn't allow
it(only way to know is to try pasting the password into the site. If it doesn't work and says the password isn't allowed then check the box, and click generate password again and it'll
give you a new password that doesn't have the special character on the end. Please note that the maximum length that it can generate is around 53-55 character
If the score for the original password is below 2 it is considered weak below 1 is extremely weak. You want the original score to be at least 1
We use ZXCVBN to guess the strengths of the passwords. It has been shown to be extremely accurate for guessing how long it would take for a hacker to guess a password. Also note that spellchecking/suggestions may not be disabled on your browser for the input fields. So be careful when entering the text and make sure it is what you typed especially on the password field.
Your original score:
Generated password score:
The score is from 0 through 4, with a higher score meaning a more secure password. A score of 3 or higher is what's considered safe for your password not being cracked in an attack. If it's below 3 it means that if a site is hacked and their passwords are stolen you can assume your password won't really be safe.
Time to crack original password :
Some Suggestions for Your Original Password:
Time to crack generated password:
I would suggest using this in combination with a password manager like KeePass and this way you have to remember only two passwords one for generating the unique password for each site
and one for keeping the database for your passwords safe. When doing this make sure that your password that you're going to use scores at least a 2. You can utilize the score password
button to get feedback and see how strong the password you're going to use is. Below I have included links to the Android, iOS, Windows, and Linux versions that I recommend as all are open source.
iOS MiniKeePass It is Open Source and is also Free.
Android KeePassDroid I personally use F-Droid to get it. It only has open source ad-free no tracking apps in it's list.
Linux/OSX KeePassX Linux version is nice but sadly now it is database version 2 but all other ones listed use/are able to use this improved format.
Windows KeePass The original program that was written for Windows. It also has versions for other platforms but I would suggest using the ones I listed instead of the other ones listed on the page for other platforms.
You can change the strength of the protection that the database gives you. If unsure how to change it just leave it as the default. For those with more expereience make sure it is AES(Rijndael) and the Encryption Rounds is set to 100000(100,000). That should provide you with a basic level of protection from attackers trying to steal your passwords from the database so long as you have made sure the password you use to open that database scores at least a 2 via this tool's score password function.
Are you sure you want to disable the special character from generation?
Doing so will decrease the strength of your generated password.
You should only do this if the site you're going to use specifically said that you cannot use them.
Are you sure that you want to enable legacy mode?
Doing so will decrease the security of the password.
You should only do this if you are migrating your password to the new format.