Generátor Hesel Časté dotazy

Aim for at least 12-16 characters for important accounts, ideally longer. Length is the most important factor in password strength—each additional character exponentially increases security. For passwords managed by a password manager (most of them), use 20+ characters since you don't need to type them. For passwords you must memorize, consider passphrases of 4-6 random words.

Yes, using all character types (uppercase, lowercase, numbers, symbols) maximizes entropy per character. However, length matters more than complexity. A 16-character lowercase password is stronger than an 8-character password with all character types. For generated passwords, use full complexity. For memorized passwords, prioritize length through random word passphrases.

Only change passwords when there's a reason to: suspected compromise, notification of a breach, or when you've been using a weak password. Routine password changes (every 90 days) are no longer recommended by security experts—they lead to weaker passwords and predictable patterns. Use strong, unique passwords with 2FA instead of relying on frequent changes.

Yes, passwords are generated using the Web Crypto API's cryptographically secure random number generator. This provides true randomness that cannot be predicted or reproduced. All processing happens locally in your browser—no passwords are ever transmitted to our servers, logged, or stored. The generated passwords achieve their full theoretical entropy.

Writing down passwords is actually acceptable in limited circumstances—a piece of paper can't be hacked remotely. It's reasonable for your password manager's master password while you're learning it, stored securely at home. However, don't write down passwords at work, on sticky notes on your monitor, or anywhere accessible to others. A password manager is a better solution for most passwords.

Password reuse means one breach compromises all your accounts. When any service is hacked (and it happens constantly), attackers try those passwords on other sites—banks, email, social media. Your email password unlocks everything because it receives password reset links. Using unique passwords for each account limits damage from any single breach to just that one service.