What makes a password actually strong
Length beats complexity. A 20-character random password from a 90-character alphabet has ~130 bits of entropy, more than enough to resist any feasible offline attack. Adding obscure symbols below 16 characters helps less than just making the password longer.
Randomness matters more than length, though. A 30-character password that's a quote you love has maybe 40 bits of real entropy because it's in a dictionary an attacker has. PassCryp's generator uses your browser's CSPRNG (crypto.getRandomValues), the same source kernels use for TLS keys.
Uniqueness is the third leg. The biggest password risk in 2026 isn't a weak password, it's a reused one. When SiteA leaks plaintext, attackers credential-stuff SiteB. A unique generated password per site removes the entire class of attack.