Password Generator
Generate cryptographically secure, random passwords with custom length and character sets.
How to Use
Set the Password Length
Drag the slider to choose a length between 8 and 64 characters. For most accounts, 16 or more characters is recommended. The current length is displayed in real time above the slider.
Choose Character Types
Enable or disable uppercase letters, lowercase letters, numbers, and symbols using the checkboxes. You can also enable "Exclude ambiguous characters" to avoid look-alike characters like O, 0, l, I, and 1.
Generate Your Password
Click "Generate" to create a new random password, or simply adjust any setting and a new password appears automatically. The strength meter shows Weak, Fair, Good, or Strong based on length and character diversity.
Copy or Bulk Generate
Click "Copy" to copy the password to your clipboard, or click "Generate 10 Passwords" to produce a batch of 10 unique passwords with individual copy buttons for each one.
Password Generator — Create Strong, Random Passwords Instantly
A good password needs to be long, random, and unique for each account. The problem is that humans are bad at generating randomness — we naturally gravitate toward patterns, words, and sequences that are predictable to a computer doing a brute-force attack. This generator uses your browser's cryptographically secure random number generator to produce genuinely unpredictable passwords.
What makes a password strong?
Password strength is primarily about length and entropy (randomness). A 16-character password using uppercase, lowercase, numbers, and symbols has approximately 100 bits of entropy — it would take billions of years to crack with current computing power even using optimised brute-force attacks. A 6-character password, even with special characters, can be cracked in minutes with the right hardware.
The practical rule: 12 characters minimum, 16+ for anything important. Use all character types (uppercase, lowercase, numbers, symbols) unless the service restricts which characters are allowed.
Generator options
Length: Increase this as much as the service allows. Most services accept up to 64 or 128 characters. Use 16–20 for general accounts, 24+ for high-value accounts like email and banking.
Uppercase letters (A-Z): Expands the character set, increasing entropy. Almost always available on every service.
Lowercase letters (a-z): Same as uppercase — keep this on.
Numbers (0-9): Add numeric characters to the mix.
Special characters (!@#$%^&*): Many services require at least one special character. Some older systems only allow a subset of special characters — if the generated password is rejected, try disabling special characters and using a longer length to compensate.
Exclude ambiguous characters: Removes characters that look similar (0/O, 1/l/I) which can cause problems when transcribing a password by reading it.
Common use cases
Account registration: Every new account should get a unique, randomly generated password. If any service gets hacked and your password is leaked, having unique passwords means only that one account is compromised — not every other account that shares the same password.
Password manager master passwords: Ironically, a password manager's master password often needs to be memorable since you can't store it in the manager itself. For this specific case, a long passphrase (four or five random words) may be better than a random string — it's more memorable and still highly secure.
Bulk password generation for admin work: IT administrators setting up new accounts, creating test users, or resetting temporary passwords can use the bulk generation mode to create multiple unique passwords at once.
API keys and temporary credentials: When you need a random string to use as an API key, session token, or temporary access code in a project, a generated password serves this purpose well. Use a high-entropy 32+ character string without special characters if your system requires alphanumeric-only tokens.
Tips
The generated password is shown in your browser and never sent to any server. However, once you copy it and type it into a site, it leaves your device. For maximum security, use a password manager (Bitwarden, 1Password, KeePass) to store the generated password immediately — don't rely on browser autofill alone, and don't store passwords in plain text documents or notes apps.
If a site rejects your generated password (some sites have peculiar restrictions on which special characters are allowed, or maximum length limits), disable the special characters option and generate again, then manually add one or two acceptable special characters if required.
Limitations
This generator uses window.crypto.getRandomValues() — the browser's built-in cryptographically secure pseudorandom number generator (CSPRNG). This is the same source of randomness used in professional password managers and is suitable for generating strong passwords. However, no web tool can guarantee that your device, browser, or clipboard haven't been compromised by malware. On a compromised device, any password generation tool is less secure.
Passphrases (sequences of random words) are not generated here — those require a wordlist. For passphrase generation, use a dedicated tool that generates EFF-style passphrases from a large wordlist.
Frequently Asked Questions
Yes. Passwords are generated using crypto.getRandomValues(), which is the Web Cryptography API built into your browser. This provides cryptographically strong randomness, making the passwords resistant to brute-force and prediction attacks. The generation is statistically unbiased because each character is selected using modular reduction from the random byte values.
No. Every password is generated entirely within your browser and is never transmitted to any server. No logs are kept, no cookies store your passwords, and nothing is saved to any database. Once you close or refresh the page, the password is gone.
A strong password has at least 16 characters and uses a mix of uppercase letters, lowercase letters, numbers, and symbols. It should not contain dictionary words, names, or predictable patterns. Longer passwords with more character variety have exponentially more possible combinations, making them far harder to crack.
Most modern websites accept symbols in passwords, but some older or poorly built systems restrict certain special characters. If a website rejects your password, try turning off symbols and regenerating. You can always re-enable symbols for other accounts that support them.
Characters like the digit zero (0), capital O, lowercase L (l), capital I, and the digit one (1) look nearly identical in many fonts. If you ever need to type a password manually — for example, on a TV, game console, or shared device — excluding these characters prevents transcription errors and saves frustration.