Generate secure, random 20-character passwords. 132 bits of entropy — overkill strength. Everything runs in your browser.
Use ⌘ + D to bookmark this toolA 20-character password exceeds AES-128 encryption strength — the same encryption standard used to protect classified government communications. With 132 bits of entropy, you would need to harness the energy of multiple suns to power the computers needed for a brute-force attempt. This length is for people who want zero doubt about their password security.
Entropy is calculated as: length × log₂(pool_size). With 20 characters from the full 95-char printable ASCII set, you get 132 bits of entropy. Brute-force time at 10 billion guesses/sec: 7 × 10²¹ years.
50 pre-generated examples. Use the generator above for a cryptographically fresh password — these are for illustration only.
Most services accept up to 64-128 characters, so 20 works everywhere. Cryptocurrency hardware wallets (Ledger, Trezor) recommend 20+ character passphrases for BIP39 passphrase protection. High-security government systems (FISMA High, classified networks) may require 20+ characters.
Protecting cold wallet passphrases and seed phrase encryption. Crypto assets worth millions have been stolen through weak passwords. A 20-character password provides multi-decade protection against advancing hardware.
BitLocker, FileVault, LUKS, and VeraCrypt whole-disk encryption passwords. If your laptop is stolen, this password is the only thing between the thief and your entire digital life.
Encrypted backup passwords for services like Borg, Restic, or encrypted cloud backups. These protect years of historical data and may need to remain secure for decades.
Passphrase-protected SSH keys for server access. Even if an attacker obtains your private key file, the 20-character passphrase makes it computationally infeasible to decrypt.
| Length | Entropy | Crack Time (GPU) | Rating | Recommended For |
|---|---|---|---|---|
| 6 chars | 39 bits | 3.5 seconds | Weak | temporary or throwaway accounts only |
| 8 chars | 53 bits | 1.3 days | Fair | low-security accounts where the site enforces rate limiting |
| 10 chars | 66 bits | 117 years | Good | general-purpose accounts and social media |
| 12 chars | 79 bits | 1.1 million years | Strong | general accounts |
| 14 chars | 92 bits | 10 billion years | Strong | sensitive accounts |
| 15 chars | 99 bits | 894 billion years | Excellent | business accounts |
| 16 chars | 105 bits | 84 trillion years | Excellent | master passwords |
| 20 chars | 132 bits | 7 × 10²¹ years | Overkill | master passwords |
| 24 chars | 158 bits | 6 × 10²⁹ years | Overkill | maximum security |
| 32 chars | 211 bits | 4 × 10⁴⁵ years | Overkill | encryption keys |
| 48 chars | 316 bits | ∞ | Maximum | cryptographic secrets and machine-to-machine authentication |
| 64 chars | 421 bits | ∞ | Maximum | cryptographic keys |
Crack times assume 10 billion guesses/sec (GPU cluster with MD5). Bcrypt/Argon2 hashing makes these 10,000x–100,000x slower.
Generate strong, random passwords with customizable length, character sets, and options.
Generate strong, memorable passphrases from random words. Easier to remember, just as secure.
Generate multiple unique passwords at once. Perfect for IT admins and account provisioning.
Generate cryptographically secure API keys, tokens, and secrets in multiple formats.
Generate strong, easy-to-share WiFi passwords for your home or office network.
Create a scannable QR code for your WiFi network. Guests connect instantly.
Generate cryptographically random PIN codes. Perfect for device locks and access codes.
Test how strong your password is. See estimated crack time, entropy, and suggestions.
Generate MD5 hashes from any text. Useful for checksums, cache keys, and legacy system compatibility.
Generate SHA-512 hashes using the native Web Crypto API. 512-bit security for signatures and integrity.
Yes. A 20-character password using uppercase, lowercase, numbers, and symbols provides 132 bits of entropy — well beyond what brute-force attacks can crack. It would take 7 × 10²¹ years to break with current GPU technology.
With a modern GPU cluster computing 10 billion hashes per second, a random 20-character password using all character types (95-char pool) would take approximately 7 × 10²¹ years to crack by brute force. Using only lowercase letters would be significantly faster to crack.
Both matter, but length has a greater impact. Each additional character multiplies the total combinations by the pool size (up to 95 for all printable ASCII). However, using all character types (uppercase, lowercase, numbers, symbols) maximizes the pool size, which also multiplies security exponentially.
Yes. You cannot reliably memorize unique random passwords for every account. A password manager securely stores all your passwords behind one strong master password, and can auto-fill them across devices and browsers.
A 20-character password is recommended for: master passwords, cryptocurrency wallets, and encryption keys. Always use the strongest password practical for each account, and never reuse passwords across sites.