密码生成器 — 创建强随机密码
使用加密随机性生成强安全的随机密码和密码短语。自定义长度、字符集(大写、小写、数字、符号)和密码短语单词数量,以满足任何安全要求。
Password Generator
Generate secure random passwords and passphrases
0, O, 1, l, I
Frequently Asked Questions
这个密码生成器如何创建安全密码?
本密码生成器使用Web Crypto API(crypto.getRandomValues())来生成密码学安全的随机数。与可预测的Math.random()不同,Web Crypto API从操作系统的熵源获取数据,确保生成密码中的每个字符都真正不可预测,适用于安全关键的应用程序。
什么是密码熵,它为什么重要?
密码熵以位为单位衡量密码的不可预测性。计算公式为:长度 × log₂(字符集大小),其中字符集大小是可能的字符数量。熵越高意味着可能的组合越多,使密码更难破解。例如,使用所有字符类型(95个可能字符)的16字符密码大约有105位熵,在每秒100亿次猜测的速率下需要数十亿年才能暴力破解。
我的密码应该有多长?
对于大多数在线账户,建议最少12个字符,但16个或更多字符能提供明显更好的安全性。对于加密密钥或主密码等高安全性应用,使用20个以上字符或5个以上单词的密语。每增加一个字符,可能的组合数量会呈指数级增长。
密语比随机密码更安全吗?
这取决于长度和单词数量。来自200词列表的4个单词的密语提供约31位熵,而使用所有字符类型的16字符随机密码提供约105位。但密语更容易记忆和输入。为了获得相当的安全性,在密语中使用6个以上单词。密语是需要手动输入的主密码的理想选择。
什么是歧义字符,为什么要排除它们?
歧义字符是在许多字体中看起来相似的字符:0(零)和O(大写O)、1(一)和l(小写L)和I(大写I)。排除它们可以防止阅读或手动输入密码时的混淆,这对于需要打字或朗读的密码很有用。对于存储在密码管理器中的密码,这种排除是不必要的。
我应该在密码中使用特殊字符(符号)吗?
包含!@#$%^&*等符号将字符集从62个(字母+数字)扩展到95个或更多,显著提升每个字符的熵。但某些系统限制允许使用哪些特殊字符。如果遇到限制,使用本生成器的自定义排除功能删除不允许的字符,同时尽可能保持密码强度。
我应该多久更换一次密码?
NIST(美国国家标准与技术研究院)的当前安全指南建议,除非有泄露证据,否则不要强制定期更换密码。频繁的强制更改通常会导致密码变弱。相反,对每个账户使用强唯一密码,启用双因素身份验证,并在怀疑遭到入侵时立即更换密码。
可以信任这个密码生成器吗?它安全吗?
是的。本密码生成器完全在您的网页浏览器中运行——密码永远不会发送到服务器或存储在任何地方。生成使用Web Crypto API提供密码学随机性。您可以通过查看页面源代码或使用浏览器的网络选项卡确认在密码生成期间没有数据传输来验证这一点。
存储生成密码的最佳方式是什么?
使用知名的密码管理器,如1Password、Bitwarden、KeePass或Dashlane。密码管理器使用主密码加密您的密码,并可以自动填充登录表单。永远不要将密码存储在纯文本文件、没有主密码的浏览器保存密码、便利贴或邮件草稿中。对于密码管理器的主密码,使用您能记住的强密语。
破解时间是如何估算的?
破解时间估算假设攻击者以每秒100亿次猜测的速度进行暴力攻击,这代表一个强大的GPU集群。计算方法是将可能密码的总数(2^熵)除以猜测速率。实际破解时间可能不同:针对弱哈希的离线攻击可能更快,而针对正确加盐的bcrypt或Argon2哈希的攻击会明显更慢。
About Password Generator
The Password Generator is a free online tool that creates strong, secure random passwords and passphrases using cryptographically secure randomness. Unlike passwords created by humans, which tend to follow predictable patterns, this Password Generator uses the Web Crypto API (crypto.getRandomValues()) to ensure every character is truly random. You can customize length, character sets, and exclusion rules to match any password policy or personal preference.
How to Create a Strong Password
A strong password is your first line of defense against unauthorized access. Follow these tips when creating passwords with the Password Generator:
- Use at least 16 characters — longer passwords are exponentially harder to crack
- Include all character types: uppercase letters, lowercase letters, numbers, and symbols
- Avoid dictionary words, names, dates, or keyboard patterns (e.g., "qwerty", "123456")
- Use a unique password for every account — never reuse passwords across services
- Consider using a passphrase (4+ random words) for passwords you need to type manually
- Store generated passwords in a reputable password manager rather than memorizing them
- Enable two-factor authentication (2FA) wherever possible for added security
Password Entropy Explained
Entropy measures the randomness or unpredictability of a password, expressed in bits. The Password Generator calculates entropy using the formula:
Entropy = Length × log₂(Pool Size)
Where Pool Size is the number of possible characters. For example, a 16-character password using uppercase (26) + lowercase (26) + digits (10) + symbols (33) = 95 possible characters has:
16 × log₂(95) ≈ 105 bits of entropy
Higher entropy means more possible combinations and longer crack times. As a general guideline:
| Entropy (bits) | Strength | Use Case |
|---|---|---|
| < 28 | Very Weak | Not recommended for any use |
| 28 – 35 | Weak | Temporary or low-value accounts only |
| 36 – 59 | Fair | General online accounts |
| 60 – 79 | Strong | Email, social media, financial accounts |
| 80+ | Very Strong | Encryption keys, master passwords, high-security systems |
Passphrase vs Password
A passphrase is a sequence of random words (e.g., "bridge-crystal-dolphin-autumn") that serves as a password. The Password Generator supports both approaches:
| Aspect | Random Password | Passphrase |
|---|---|---|
| Example | k7#Bm9$xR2&pL4 | Bridge-Crystal-Dolphin-Autumn |
| Memorability | Difficult to memorize | Easier to memorize and type |
| Typing speed | Slow (mixed characters) | Faster (natural words) |
| Security per character | Higher per character | Lower per character, but longer overall |
| Best for | Password managers, auto-fill | Master passwords, manual entry |
A 4-word passphrase from a 200-word list provides approximately 31 bits of entropy, while a 6-word passphrase provides approximately 46 bits. For higher security, use 5 or more words and enable capitalization.
Common Password Mistakes
Avoid these common mistakes that make passwords easy to guess or crack:
- Reusing passwords — if one account is breached, attackers try the same password on other services (credential stuffing)
- Using personal information — names, birthdays, pet names, and addresses are easily guessable or found on social media
- Simple substitutions — replacing "a" with "@" or "o" with "0" is a well-known pattern that cracking tools account for
- Keyboard patterns — "qwerty", "asdfgh", and "zxcvbn" are among the most common passwords
- Too short — passwords under 12 characters can be brute-forced relatively quickly with modern hardware
- Appending numbers — adding "123" or the current year to a word does not meaningfully increase security
- Writing passwords down — sticky notes on monitors or plain text files on your computer are not secure storage
Instead of trying to create a "clever" password, use this Password Generator to create a truly random one, then store it in a password manager.
Related Security Tools
Combine password generation with these related tools for a complete security workflow:
- Hash Generator— generate MD5, SHA-1, SHA-256, and other hash digests for file integrity verification
- UUID Generator— create universally unique identifiers for database records and API keys