PassLab
Work Tools

Password for
Wi-Fi

Home Wi-Fi using WPA2 or WPA3 supports passwords between 8 and 63 ASCII characters. The practical recommendation in 2026 is a 20-character random string drawing from all four character classes — roughly 131 bits of entropy and well out of reach of any offline brute-force attack against a captured WPA handshake. Generate one below — it is created inside your browser using the Web Crypto API and is never sent to a server. Set the password on your router admin page (usually 192.168.0.1 or 192.168.1.1), and write it down somewhere physical rather than sharing it electronically — your Wi-Fi password is the single credential that lets anyone on your network reach every device on it, from smart speakers to printers and your work laptop. Use a separate guest network for visitors so your main credential stays in a small circle.

Generator
min 8· max 63
StrengthVery weak · 0 bits
Time to crack
instant
at 10 billion
guesses / second
20
664
Generated with crypto.getRandomValues() — never leaves your tab.

Wi-Fi password rules

Min length
8 chars
Max length
63 chars
Recommended
20+ chars
Security note

Work accounts often have access to company data. A breach here can affect your whole organisation — treat this password like an admin credential.

The maths, specific to Wi-Fi

Wi-Fi network passwords protect more than your internet bandwidth — they are the boundary between the internet and the LAN that contains your laptop, phone, smart-home hubs, printers and any IoT device that quietly assumes the local network is trusted. The standard attack on WPA2 is to capture the 4-way handshake (about a minute of waiting) and run it through Hashcat against a wordlist or brute-force keyspace. The maths matters. An 8-character all-lowercase passphrase gives roughly 38 bits of entropy — crackable by a modern GPU in hours. Push to 20 characters with all four classes and you reach around 131 bits — beyond the realistic budget of any commodity or state-funded attacker.

Why Wi-Fi accounts are targeted

Home Wi-Fi networks are targeted in two distinct ways. Opportunistic attackers — neighbours, war-drivers — try to crack the network for free internet or to use the connection for activity they would rather not trace back. The more serious threat is anyone who can briefly capture the WPA handshake while your network is in range; with that capture they can attempt an offline brute-force at their leisure, with no rate limit and no detection. A long random WPA2 or WPA3 password defeats both. Equally important: change the router admin password (often left at "admin/admin"), turn off WPS, and keep firmware updated — the password protects the network, but the router itself remains the gateway.

Source for Wi-Fi's password rules: Wi-Fi's official help page.

Common questions about Wi-Fi passwords

Reviewed by Marcin Lewandowski — product designer, 20+ years building digital products and privacy-respecting tools.

Last reviewed: . Reviewed quarterly; primary sources re-checked each review.