Password Generator
Generate strong, secure random passwords with customizable length and character types.
Everything you need to know about secure password generation
Why use a password generator?
This generator uses crypto.getRandomValues(), a CSPRNG (cryptographically secure pseudo-random number generator) built into your browser. Unlike Math.random(), it produces unpredictable values suitable for security. A 16-character password with all 4 types (uppercase, lowercase, numbers, symbols) reaches approximately 105 bits of entropy.
NIST recommends a minimum of 12 characters for passwords. Dictionary attacks exploit predictable human patterns: dates, names, keyboard sequences ("qwerty", "123456"). A random password eliminates these weaknesses. With 16 characters and all types enabled, a brute-force attack would take billions of years with current computing power.
The password is generated entirely in your browser. No data is sent to any server, no password is stored or logged. You can verify the absence of network requests in your browser's developer tools.
Who uses this tool?
- Individuals
- Create unique passwords for every online account: email, banking, social media. Replace weak or reused passwords that expose all your accounts in case of a data breach.
- IT administrators
- Provision employee accounts with strong initial passwords, generate secrets for internal services, and create temporary passwords that comply with corporate security policies.
- Developers
- Generate API keys, application secrets, JWT tokens, and database passwords. The tool supports up to 128 characters for use cases requiring maximum entropy.
- Security-conscious users
- Systematically replace passwords after a data breach notification. Generate long passphrases for password managers and encryption keys.
How does this tool work?
Set the desired length (8 to 128 characters) with the slider, then select which character types to include: uppercase, lowercase, numbers, and/or special characters.
Click "Generate password." The tool uses crypto.getRandomValues() to create an array of random integers, then maps each value to a character from the selected set. The result is a uniformly distributed password.
The strength indicator evaluates your password by combining length and the number of character types. Copy the password in one click and store it in your password manager.
Frequently asked questions
- Why is this generator safer than a manually chosen password?
- This generator uses crypto.getRandomValues(), a CSPRNG built into the browser. A 16-character password with uppercase, lowercase, numbers, and symbols reaches approximately 105 bits of entropy, making it resistant to any current brute-force attack. Humans choose predictable patterns that attackers exploit with dictionary attacks.
- What password length is recommended?
- NIST recommends a minimum of 12 characters. For critical accounts (banking, primary email), 16 to 20 characters with all character types enabled provide a comfortable security margin. The tool supports up to 128 characters for specific use cases like API keys.
- Is the generated password sent or stored anywhere?
- No. The password is generated entirely in your browser via crypto.getRandomValues(). No data is sent to any server, no password is stored or logged. You can verify this in your browser's network tools: no HTTP request is made during generation.
- How does the password strength indicator work?
- The indicator evaluates strength by combining two factors: password length and the number of active character types (uppercase, lowercase, numbers, symbols). A short password with a single type will be rated "Weak," while a 20+ character password with all 4 types will be rated "Very strong." It is a practical estimate, not an exact entropy calculation.