Password Generator

Generate strong, cryptographically secure passwords directly in your browser — nothing sent to any server.

Length: 16

Uppercase (A–Z)

Lowercase (a–z)

Numbers (0–9)

Symbols (!@#…)

Exclude ambiguous characters (0 O l I 1)

Number of passwords to generate

Frequently Asked Questions

Passwords are generated using the browser's crypto.getRandomValues() API, which uses the operating system's cryptographically secure pseudo-random number generator (CSPRNG). This is the same source of entropy used by security-sensitive applications. No passwords are ever sent to a server.

A strong password is long (16+ characters), uses all four character classes (uppercase, lowercase, numbers, symbols), has no recognizable words or patterns, and is unique per account. Aim for at least 128 bits of entropy for high-security use cases — this tool shows the entropy in bits for each generated password.

How the Password Generator Works

Every password is built from cryptographically secure random data — the same source of entropy used in security-critical software.

Build Character Pool

The selected character classes (uppercase, lowercase, digits, symbols) are combined into a pool string. Ambiguous characters (0 O l I 1) can be excluded to improve human readability.

Cryptographic Randomness

The browser's crypto.getRandomValues() fills a Uint32Array with OS-level random bytes. The value modulo the pool length selects a character — no predictable pattern is ever introduced.

Entropy Estimation

Strength is shown as entropy in bits: log₂(pool_size^length). A 16-char password from all classes has ~105 bits — far beyond what any brute-force attack can realistically reach.

Common Use Cases

User Account Credentials

Generate unique passwords for every account you create — email, banking, work systems. Using the same password across services means one breach exposes everything.

Service & API Passwords

Database passwords, SMTP credentials, and admin panel access should all use long random passwords (24+ characters) since they're stored in config and never typed manually.

Temporary Passwords

When resetting a user's password, generate a temporary one here and immediately prompt the user to change it on next login. 12-character alphanumeric is a good balance of security and usability.

Wi-Fi Passphrases

WPA2/WPA3 passphrases should be at least 12 characters. A longer alphanumeric passphrase (20–32 characters) typed once into devices is both strong and manageable.

Encryption Keys & Secrets

App secret keys, JWT signing secrets, and encryption passphrases benefit from maximum randomness. Use 32+ characters with all classes, or use the Random String Generator for hex-encoded keys.

Bulk Account Setup

Use the count selector to generate up to 20 unique passwords at once — useful when provisioning multiple user accounts or testing environments that each require distinct credentials.