Password Generator
Generate strong, random passwords in your browser — free, instant and private. Nothing is uploaded; every password is created on your device.
Generated entirely in your browser with crypto.getRandomValues —
nothing is ever sent to a server.
How to generate a password
- Drag the length slider to choose how many characters you need.
- Toggle uppercase, lowercase, digits and symbols on or off to match a site's rules.
- Click Regenerate for a new password, or Copy to copy the current one.
Length and entropy
A password's strength comes down to how many possible combinations an attacker would have to try — its entropy, measured in bits. Every character you add and every character class you enable multiplies the search space, so a longer password with mixed character types is exponentially harder to crack than a short one, even with unusual characters.
Why passphrases can be a good alternative
Long strings of random characters are the strongest option mathematically, but they are hard to type and remember. If you need a password you can occasionally type by hand — like a device passcode or password manager master password — a passphrase of random words can reach similar entropy while staying far easier to recall.
Good password habits
- Use a different, randomly generated password for every account.
- Store passwords in a password manager rather than memorizing or reusing them.
- Enable two-factor authentication wherever it's offered, on top of a strong password.
- Never share a generated password over email or chat in plain text.
Related tools
- Strong Password Generator — tuned defaults for maximum entropy.
- Passphrase Generator — memorable, word-based passwords.
Frequently asked questions
- Are my generated passwords sent to a server?
- No. Every password is created locally in your browser using the Web Crypto API (crypto.getRandomValues). Nothing is transmitted, logged, or stored anywhere — closing the tab is enough to make sure it is gone.
- How long should my password be?
- Aim for at least 12–16 characters for everyday accounts, and 20+ for anything sensitive like a password manager master password or financial account. Length matters more than complexity: each extra character multiplies the number of guesses an attacker needs.
- Should I include symbols and numbers?
- Yes, when a site allows it. Mixing uppercase, lowercase, digits and symbols increases the character set an attacker has to search, which raises entropy for the same length. If a site rejects symbols, compensate by making the password longer.
- What do the strength meter and "bits" mean?
- Bits of entropy measure how many guesses, on average, it would take to find your password by brute force — each additional bit doubles the search space. Above roughly 60 bits is considered good for most accounts; 100+ bits is very strong.
- Is it safe to use a randomly generated password I can't remember?
- Yes — that's the point. Random passwords are meant to be stored in a password manager, not memorized. Reusing a memorable password across sites is far riskier than using a strong random one you don't have to recall.
- Can this tool generate multiple passwords at once?
- Click Regenerate as many times as you like — each click produces a brand-new random password instantly, so you can keep clicking until you have one for every account you need.
- Why does unchecking every character type re-check one automatically?
- A password needs at least one enabled character class to be generated. If you turn off the last one, the tool keeps a class enabled so you always get a valid, non-empty password.