Password Generator
Generate strong, random passwords using your browser's cryptographic random source. Choose the length and character sets, see the entropy in bits, and copy the result — passwords are created on your device and never transmitted.
What makes a password strong
Strength is measured in entropy — the number of equally-likely possibilities an attacker must try. Each additional character multiplies the search space, which is why length beats complexity: a 16-character lowercase-plus-digits password (~82 bits) is far stronger than an 8-character everything password (~52 bits).
This generator uses crypto.getRandomValues — the browser's cryptographically secure random source — with unbiased sampling, and guarantees at least one character from each set you select. As a rule of thumb: 45 bits is weak, 70+ bits is strong for online accounts, and 100+ bits is effectively uncrackable with current hardware.
Never reuse passwords across sites; a password manager plus unique generated passwords is the combination that actually protects accounts. Because generation happens locally, nothing you create here ever touches a network.
How to use Password Generator
- 1Set the length (12+ recommended; 16 is a strong default).
- 2Choose which character sets to include, and optionally avoid look-alike characters.
- 3Check the entropy readout — aim for 70+ bits.
- 4Copy a password, or generate several and copy them all.
Frequently asked questions
Are these passwords generated on a server?
No. Passwords are generated on your device with the Web Crypto API and are never sent anywhere — you can verify no network requests occur in your browser's DevTools.
How long should my password be?
16 characters with mixed sets is a strong default (100+ bits). Use at least 12 for anything that matters, and longer for critical accounts.
What does the entropy number mean?
It's the size of the search space in bits — each extra bit doubles the number of guesses an attacker needs. 70+ bits is strong for online accounts.
Why avoid look-alike characters?
Characters like I, l, 1, O and 0 are easy to confuse when typing a password manually. Excluding them slightly reduces entropy but prevents lockouts from misreading.