FAQ

Password Generator FAQ

Straight answers about local generation, password length, passphrases, password managers, and difficult website rules.

Is PassRule safe to use?

Passwords and passphrases are generated locally in your browser with the Web Crypto API. PassRule does not send, store, or log generated results.

Is a generated password better than one I make myself?

A properly random generator avoids predictable personal patterns. The result still needs to be unique for that account and saved somewhere you can access securely.

How long should my password be?

There is no single length accepted everywhere. Use the longest unique random password a website permits; 16 or more characters is a practical starting point, and PassRule's default random password is longer.

Do I always need symbols, uppercase letters, and numbers?

Follow the website's rules. A long, unique random password matters more than satisfying a particular character mix, but some forms still require symbols or specific character types.

When should I use a passphrase?

Use a multi-word passphrase when you must type it manually and the site accepts longer values. Keep it unique, avoid personal details, and store it in a password manager when possible.

Should every account have a different password?

Yes. Reusing a password lets a breach at one service put other accounts at risk. Generate a fresh value for every account, especially email, banking, work, and social accounts.

Should I use a password manager?

Usually, yes. A trusted password manager makes it practical to keep long, unique passwords without memorizing each one. Protect the manager with a strong unique main password and multi-factor authentication.

What do I do when a website rejects a generated password?

Check the form for a maximum length, allowed symbols, banned characters, and required character types. In Website Requirement Mode, set those visible rules and generate again.

Does the shared rule link expose my generated password?

No. A rule link contains configuration only, such as length and allowed characters. It never includes generated passwords or passphrases.

What should I do after a password breach?

Change the affected password promptly, change it anywhere it was reused, and enable multi-factor authentication. Review account recovery details and active sessions for important accounts.