Plaintools / Password Generator
● Generated locally — never transmitted
Before you begin — read this Write your passwords down on paper and store them somewhere safe — a notebook, a safe, a locked drawer. No matter how strong a password is, if you lose access to it you lose access to your account. A physical copy cannot be hacked remotely.

Enable two-factor authentication (2FA) on every account that offers it. A strong password plus 2FA means even a data breach cannot give an attacker access without your second device.

Change your passwords regularly — especially after any reported breach involving a service you use.

A note on breaches: Even the strongest password cannot protect you if the company stores it poorly and gets breached. That is their failure, not yours. Unique passwords per account limit the damage.
Password Generator Click password to copy · All generation is local
Click Generate to create your password Click to copy
Length 20
Runic character ratio 30%
Standard characters
Runic character sets
10 Unique Passwords — click any to copy
🔬 Crack Time Estimator
Consumer Hardware
1 billion guesses/sec
Cracking Rig
100 billion guesses/sec
Nation State
1 trillion guesses/sec
Enter a password above to see the full analysis.
The Plaintools Runic Alphabet — 40 Characters
Security Best Practices
1

Write it down on paper. Store it in a safe, locked drawer, or secure physical location. A paper copy cannot be hacked remotely. This is not old-fashioned — it is the most secure backup method that exists.

2

Enable two-factor authentication everywhere. 2FA means an attacker needs both your password and your physical device. Even a breached password cannot access your account without the second factor.

3

Never reuse passwords. One breach exposes every account sharing that password. Unique passwords per account limit the damage to one service.

4

Change passwords regularly. Especially after any reported breach at a service you use. Assume that if a service was breached your password may have been exposed regardless of how it was stored.

5

Length beats complexity. A 20-character lowercase password is stronger than an 8-character password with symbols. Every additional character multiplies the search space exponentially.

6

A breach at the company is not your failure. No password protects you if the company stores it insecurely and gets breached. Unique passwords and 2FA limit the damage. The rest is outside your control.

7

Runic and Unicode passwords must be copy-pasted. Verify the password works on the target site before logging out. Some older systems do not accept Unicode. Always have your physical backup first.