Human Brains Create Predictable Patterns

Studies of leaked password databases reveal that humans gravitate toward specific patterns: words followed by numbers, starting with capital letters, ending with exclamation points. These patterns are so common that attackers build them directly into their cracking strategies. What feels creative to you is statistically typical.

Dictionary and Rule-Based Attacks

Modern password crackers don't just try random characters: they combine dictionary words, apply common substitutions, append years and numbers, and test thousands of rule variations per second. Your 'clever' password that combines two words and your birth year is likely covered by an attacker's ruleset within minutes of a cracking attempt starting.

How Cryptographic Randomness Differs

A cryptographically secure pseudorandom number generator (CSPRNG) produces output with no pattern an observer can detect or predict. It is seeded from system entropy (mouse movements, timing variations, hardware noise) and generates values that are statistically indistinguishable from ideal randomness. Your browser exposes this through window.crypto.getRandomValues().
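The following is an added example, not code from the original page, showing one way to turn getRandomValues() output into a password without skewing the character distribution. The alphabet and the function names (randomIndex, generatePassword, entropyBits) are assumptions chosen for illustration.

```javascript
// Added example: password generation on top of crypto.getRandomValues().
// ALPHABET and all function names here are illustrative, not from the page.

// Browsers expose window.crypto; recent Node exposes the same API globally.
// Older Node versions fall back to the webcrypto export.
const rng = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const ALPHABET =
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+";

// Return a uniform integer in [0, n) for 1 <= n <= 256.
// A plain `byte % n` over-represents low indices whenever 256 is not a
// multiple of n, so bytes at or above the largest multiple of n are discarded.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError("n must be an integer between 1 and 256");
  }
  const limit = 256 - (256 % n); // largest multiple of n that fits in a byte
  const buf = new Uint8Array(1);
  for (;;) {
    rng.getRandomValues(buf);
    if (buf[0] < limit) return buf[0] % n;
  }
}

function generatePassword(length = 20, alphabet = ALPHABET) {
  const symbols = [...new Set(alphabet)]; // de-duplicate: each symbol equally likely
  if (symbols.length < 2) throw new RangeError("alphabet needs 2+ distinct symbols");
  let out = "";
  for (let i = 0; i < length; i++) out += symbols[randomIndex(symbols.length)];
  return out;
}

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, alphabet = ALPHABET) {
  return length * Math.log2(new Set(alphabet).size);
}

console.log(generatePassword(), entropyBits(20).toFixed(1) + " bits");
```

The entropy figure only holds because every character is drawn independently and uniformly; editing the result by hand to make it more memorable reintroduces the human patterns described above.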

The Trade-off: Memorability

The obvious drawback of random passwords is that they're impossible to memorize. This is a feature, not a bug. Passwords you can memorize are by definition constrained by human memory — which means they're constrained by human patterns. The solution is a password manager, not more memorable passwords.

Key Takeaway

Memorable passwords trade security for convenience in a way that fundamentally compromises your protection. Randomly generated passwords, stored in a password manager, are the only truly safe approach.