Password Generator
Generate secure random passwords
16
664
About This Tool
Most people's passwords are too short, reused across sites, or based on something guessable. This generator uses crypto.getRandomValues — the same OS-level randomness used for cryptographic keys — not Math.random. Adjust the length and character mix, watch the strength bar, and copy when you're happy. Nothing leaves your browser.
Features
- ✓Cryptographically secure randomness — Powered by Web Crypto API's crypto.getRandomValues — OS-level entropy, not predictable pseudorandom numbers.
- ✓Length from 6 to 64 — Use the slider or type a number directly. Covers the requirements of virtually any site or service.
- ✓Mix and match character sets — Toggle uppercase, lowercase, digits, and symbols independently. Useful when a site has specific restrictions.
- ✓Strength feedback as you adjust — Evaluates strength based on length and character variety in real time, shown as a color-coded bar from Weak to Very Strong.
- ✓Password never leaves your device — Generated entirely in your browser, no network request, nothing stored or transmitted.
FAQ
- How long does a password need to be?
- 12 characters is the minimum most security professionals recommend, with 16+ being comfortably safe. Each additional character multiplies the number of combinations an attacker has to try. A 16-character password with mixed character types would take centuries to brute-force with current hardware.
- Is this actually secure?
- Yes. crypto.getRandomValues pulls from the operating system's entropy pool — the same source used for TLS keys and cryptographic operations. It's fundamentally different from Math.random(), which is predictable. The password is generated locally and never leaves your browser.
- Why shouldn't I reuse passwords?
- If any site you use gets breached, attackers try the leaked credentials on every other popular service. This is called credential stuffing, and it's extremely common. Using unique passwords per site means one breach doesn't cascade into others. A password manager (Bitwarden, 1Password) handles the memorization.
- How is the strength score calculated?
- It estimates the total number of possible combinations: character pool size raised to the power of password length. More character types and greater length push the score up. It's an approximation of brute-force difficulty, not a guarantee.