ZZPass.com
Creating strong, unique passwords for every account is one of the most important things you can do to protect your online security. ZZPass includes a powerful password generator that creates cryptographically secure passwords tailored to your needs. This guide explains how to use the password generator and why strong passwords matter.
Brute Force Attacks
Attackers use automated tools to try millions of password combinations per second. A weak password like "password123" can be cracked in seconds. A 16-character random password would take trillions of years.
Data Breaches
When websites are hacked, password databases are often stolen. If you reuse the same password across sites, one breach can compromise all your accounts. Unique passwords limit damage to just one account.
Credential Stuffing
Attackers take leaked usernames and passwords from one site and try them on hundreds of other sites. Using unique passwords for every account prevents this attack from succeeding.
Length: Longer is always better. Each additional character makes your password exponentially harder to crack. Aim for at least 16 characters when possible.
Randomness: True random passwords (like "xK9#mP2!vL3@") are more secure than patterns or dictionary words. ZZPass uses cryptographic randomness, not predictable algorithms.
Character Variety: Mixing uppercase, lowercase, numbers, and symbols increases the number of possible combinations an attacker must try.
Uniqueness: Every account should have a different password. ZZPass makes this easy by generating and storing unique passwords for you.
No Need to Remember
Since ZZPass stores your passwords securely, you can use passwords that are impossible to remember - and therefore impossible for attackers to guess.
Cryptographically Secure
ZZPass uses Apple's SecureRandom API, which relies on hardware-based random number generation. This ensures true randomness that can't be predicted.
Instant Generation
Generate a new password in seconds, directly within the password creation form. No need to open a separate tool or website.
When Creating a New Password:
1. Tap the + button to create a new password
2. Enter the website or app name
3. Enter your username or email
4. In the password field, tap the dice icon 🎲 or Generate button
5. A strong password will be automatically generated
6. Tap Save to store it
When Editing an Existing Password:
1. Tap on the password you want to update
2. Tap Edit
3. Tap the dice icon 🎲 next to the password field
4. A new password will be generated
5. Tap Save
When Creating a New Password:
1. Click the + button or press ⌘N
2. Enter the website or app name
3. Enter your username or email
4. Click the Generate Password button next to the password field
5. A strong password will be created automatically
6. Click Save or press ⌘S
When Editing an Existing Password:
1. Select the password you want to update
2. Click Edit or press ⌘E
3. Click Generate Password
4. Click Save
iOS (Safari and other apps):
1. When creating a new account on a website or app
2. Tap in the password field
3. iOS will suggest "Strong Password" from ZZPass
4. Tap to accept the suggested password
5. ZZPass automatically saves it
macOS (Safari):
1. When creating a new account in Safari
2. Click in the password field
3. Look for the key icon and "Use Strong Password"
4. Click to use the suggested password
5. ZZPass automatically saves it
Default: 20 characters
ZZPass generates 20-character passwords by default, which provides excellent security for most uses.
Adjustable from 12 to 100 characters
Tap/click the Options or Settings icon next to the password generator to customize:
• 12-16 characters: Minimum recommended for security
• 20-32 characters: Excellent balance (recommended)
• 40-100 characters: Maximum security for sensitive accounts
Tip: Longer is always better for security, and since ZZPass remembers it for you, there's no downside to using very long passwords.
Default: All character types enabled
You can customize which character types to include:
✓ Uppercase Letters (A-Z): Enabled by default
✓ Lowercase Letters (a-z): Enabled by default
✓ Numbers (0-9): Enabled by default
✓ Symbols (!@#$%^&*): Enabled by default
When to Disable Character Types:
• Some older websites don't allow symbols
• Banking sites sometimes restrict special characters
• Legacy systems may have character limitations
Recommendation: Only disable character types if a website explicitly doesn't accept them. More variety = more security.
Don't Like the Password?
You can generate as many passwords as you want until you find one you're happy with.
On iPhone/iPad:
• Tap the dice icon 🎲 again to generate a new password
• Each tap creates a completely new random password
On Mac:
• Click "Generate Password" again
• Or press ⌘R to regenerate
Note: All passwords are equally secure (when using the same length and character types). The main reason to regenerate is if a website rejects the password due to character restrictions.
Use generated passwords for every account
Let ZZPass generate a unique password for every website and app. This is the single best thing you can do for security.
Use the longest password the site allows
If a website accepts 50-character passwords, use 50 characters. More length = exponentially more security.
Update old weak passwords
Go through your existing passwords and regenerate any that are:
• Shorter than 12 characters
• Dictionary words or common phrases
• Reused across multiple sites
• More than 2 years old
Check Password Health regularly
Use ZZPass's Password Health feature to identify weak, reused, or compromised passwords.
Don't create your own passwords
Human-created passwords are predictable. Even "random" passwords you think you're creating follow patterns that attackers can exploit.
Don't use memorable patterns
Passwords like "Summer2024!" or "MyDog123" are weak because they follow predictable patterns (dictionary word + number + symbol).
Don't reuse passwords
Never use the same password for multiple accounts, even if it's a generated password. Each account should have its own unique password.
Don't shorten generated passwords unnecessarily
If a site accepts 30 characters, don't use 12. There's no benefit to making passwords shorter when you're using a password manager.
Your Primary Password (for ZZPass itself)
This is the ONE password you need to remember. Use a long passphrase like "correct-horse-battery-staple" rather than a generated password.
Passwords you type on other devices
If you need to type a password on a device where ZZPass isn't available (work computer, smart TV, gaming console), consider a shorter generated password (16-20 chars) or a memorable passphrase.
WiFi Passwords
If you share WiFi with guests, use a memorable passphrase instead of a random password. Example: "PurplePanda-Drinks-CoffeeDaily"
Shared Account Passwords
For accounts shared with family (Netflix, utilities), consider a shorter generated password that can be typed on various devices.
Character Space
The strength of a password depends on the "character space" - the number of possible characters that could be used:
• Lowercase only: 26 possibilities per character
• + Uppercase: 52 possibilities
• + Numbers: 62 possibilities
• + Symbols: 94+ possibilities
Length Multiplier
Each additional character multiplies the total possible combinations. A 20-character password with all character types has 94^20 possible combinations (over 10^39 possibilities).
Assuming 1 billion guesses per second:
• 8 chars, lowercase only: 30 minutes
• 8 chars, all types: 7 years
• 12 chars, all types: 3 million years
• 16 chars, all types: 92 trillion years
• 20 chars, all types: 10^27 years (essentially impossible)
ZZPass default (20 chars, all types): More than the age of the universe to crack by brute force.
ZZPass shows a visual strength indicator when you generate or enter passwords:
🔴 Weak: Less than 8 characters or common patterns
🟠 Fair: 8-11 characters with limited variety
🟡 Good: 12-15 characters with variety
🟢 Strong: 16-19 characters, all types
🔵 Excellent: 20+ characters, all types
Aim for Strong or Excellent for all important accounts (email, banking, social media, work).
Yes. After saving a password, you can view it at any time by:
iOS: Tap the password entry, then tap the eye icon 👁️ to reveal the password
macOS: Select the password entry, and the password will be displayed (hidden by default with reveal button)
You can also copy the password to your clipboard with one tap/click.
Some websites have restrictions like:
• Maximum length (e.g., 20 characters)
• No symbols allowed
• Specific symbol requirements
Solution:
1. Tap/click the generator options
2. Adjust length or disable symbols
3. Generate a new password
4. Try again on the website
If a site has very restrictive requirements, use the longest password it allows with the most character variety it accepts.
Modern security advice: Not necessarily.
If you're using strong, unique passwords generated by ZZPass, regular password changes don't significantly improve security. They can even reduce security if users choose weaker passwords to make them easier to remember.
Change your password immediately if:
• You receive a breach notification
• You suspect unauthorized access
• You shared it with someone
• The account is important and the password is old/weak
Otherwise: Strong, unique passwords can last indefinitely.
Yes. ZZPass uses Apple's SecureRandom API, which generates cryptographically secure random numbers using hardware-based entropy sources.
This means the passwords are truly unpredictable and cannot be guessed even if an attacker knows the algorithm used to generate them.
Yes! The password generator can create secure strings for:
• WiFi passwords
• API keys
• Security questions (use random answers)
• PINs (use numbers-only mode)
• Secure tokens
• Recovery codes
Just adjust the length and character types for your specific needs.
This is statistically impossible. With 20 characters and 94 possible characters per position, there are 94^20 (over 10^39) possible passwords.
To put this in perspective: if ZZPass generated 1 billion passwords every second since the Big Bang (13.8 billion years ago), the chance of a duplicate would still be essentially zero.
You will never encounter a duplicate generated password in your lifetime.
Step 1: Check Password Health
Open ZZPass and go to Settings → Password Health (or Security Dashboard). This will show you:
• Weak passwords (short or common)
• Reused passwords (same password on multiple sites)
• Compromised passwords (found in data breaches)
Step 2: Prioritize Important Accounts
Update passwords for critical accounts first:
1. Email accounts (can be used to reset other passwords)
2. Banking and financial accounts
3. Work and professional accounts
4. Social media (to prevent identity theft)
5. Cloud storage (iCloud, Google Drive, Dropbox)
Step 3: Visit Each Website
1. Open the website in your browser
2. Log in with your current password
3. Go to Account Settings → Change Password
4. In ZZPass, edit the password entry and tap/click "Generate Password"
5. Copy the new password and paste it on the website
6. Save in both places
Step 4: Track Your Progress
You don't need to update everything at once. Do a few accounts per week until you've covered your most important accounts. ZZPass's Password Health feature will show your improvement over time.
→ Account Recovery Guide - Creating a strong primary password
→ AutoFill Explained - Using generated passwords with AutoFill
→ ZZPass for iOS - Complete guide for iPhone and iPad
→ ZZPass for macOS - Complete guide for Mac
→ End-to-End Encryption - How your passwords are protected
Last updated: February 2026 | iOS 17+ | macOS 14+