How to Generate Strong Passwords and Passphrases That Are Actually Secure
FlipFiles Pro ยท June 2026 ยท 8 min read
Most people understand they should use strong passwords. Fewer understand what strong actually means, and even fewer use a systematic approach to generating passwords that are both genuinely secure and practically usable. This guide covers the principles and practice of password generation.
What Makes a Password Strong?
Password strength is determined by entropy โ the measure of randomness or unpredictability. A password with high entropy takes impractically long to crack even with sophisticated hardware. The factors that affect entropy are:
- Length โ The single most important factor. Each additional character multiplies the number of possible passwords.
- Character set size โ Using uppercase, lowercase, numbers, and symbols increases the options per character
- Randomness โ A password must be genuinely random, not based on predictable patterns
| Password Type | Example | Entropy | Crack Time (2026 hardware) |
|---|---|---|---|
| Common word + number | Password123 | ~20 bits | Seconds |
| 8-char mixed | K#9mZ&2p | ~52 bits | Hours to days |
| 12-char mixed | K#9mZ&2pQr!v | ~78 bits | Years |
| 16-char mixed | K#9mZ&2pQr!vTu@8 | ~104 bits | Centuries |
| 4-word passphrase | correct-horse-battery-staple | ~44 bits | Thousands of years* |
| 6-word passphrase | marble-coffee-river-lamp-fox-north | ~77 bits | Effectively infinite* |
*Passphrase entropy assumes random word selection from a large dictionary, not predictable phrases
Password Types for Different Purposes
Complex Passwords โ For Password Manager Storage
If you use a password manager (which you should), complex random passwords like K#9mZ&2pQr!vTu@8 are ideal. You never need to remember or type them โ the password manager handles everything. Use 16+ character complex passwords for all accounts stored in a password manager.
Passphrases โ For Memorisation
For the handful of passwords you must actually remember โ your password manager master password, computer login, and a few critical accounts โ passphrases are dramatically better. Four to six random common words are easier to remember than a string of random characters but provide equivalent or better security. "Marble coffee river lamp" is memorable and has enormous entropy if the words were chosen randomly.
PINs โ For Device Access
For PINs limited to digits, length matters most. A 6-digit PIN has 1 million possibilities; an 8-digit PIN has 100 million. For high-security scenarios, use the maximum PIN length your device supports.
FlipFiles Pro Password Generator
The Password Generator tool creates five types of passwords:
- Complex (random mix of uppercase, lowercase, numbers, symbols)
- Memorable (real words in uncommon combinations)
- PIN (digits only, specified length)
- Passphrase (random dictionary words, hyphen separated)
- Bulk (generate 50 passwords at once in a text file)
All passwords are generated server-side using cryptographically secure random number generation โ not the weaker Math.random() that browser-based generators often use.