Password Tools

Password Generator

Generate strong, random passwords in your browser — free, instant and private. Nothing is uploaded; every password is created on your device.

Generated entirely in your browser with crypto.getRandomValues — nothing is ever sent to a server.

How to generate a password

  1. Drag the length slider to choose how many characters you need.
  2. Toggle uppercase, lowercase, digits and symbols on or off to match a site's rules.
  3. Click Regenerate for a new password, or Copy to copy the current one.

Length and entropy

A password's strength comes down to how many possible combinations an attacker would have to try — its entropy, measured in bits. Every character you add and every character class you enable multiplies the search space, so a longer password with mixed character types is exponentially harder to crack than a short one, even with unusual characters.

Why passphrases can be a good alternative

Long strings of random characters are the strongest option mathematically, but they are hard to type and remember. If you need a password you can occasionally type by hand — like a device passcode or password manager master password — a passphrase of random words can reach similar entropy while staying far easier to recall.

Good password habits

  • Use a different, randomly generated password for every account.
  • Store passwords in a password manager rather than memorizing or reusing them.
  • Enable two-factor authentication wherever it's offered, on top of a strong password.
  • Never share a generated password over email or chat in plain text.

Related tools

Frequently asked questions

Are my generated passwords sent to a server?
No. Every password is created locally in your browser using the Web Crypto API (crypto.getRandomValues). Nothing is transmitted, logged, or stored anywhere — closing the tab is enough to make sure it is gone.
How long should my password be?
Aim for at least 12–16 characters for everyday accounts, and 20+ for anything sensitive like a password manager master password or financial account. Length matters more than complexity: each extra character multiplies the number of guesses an attacker needs.
Should I include symbols and numbers?
Yes, when a site allows it. Mixing uppercase, lowercase, digits and symbols increases the character set an attacker has to search, which raises entropy for the same length. If a site rejects symbols, compensate by making the password longer.
What do the strength meter and "bits" mean?
Bits of entropy measure how many guesses, on average, it would take to find your password by brute force — each additional bit doubles the search space. Above roughly 60 bits is considered good for most accounts; 100+ bits is very strong.
Is it safe to use a randomly generated password I can't remember?
Yes — that's the point. Random passwords are meant to be stored in a password manager, not memorized. Reusing a memorable password across sites is far riskier than using a strong random one you don't have to recall.
Can this tool generate multiple passwords at once?
Click Regenerate as many times as you like — each click produces a brand-new random password instantly, so you can keep clicking until you have one for every account you need.
Why does unchecking every character type re-check one automatically?
A password needs at least one enabled character class to be generated. If you turn off the last one, the tool keeps a class enabled so you always get a valid, non-empty password.