Password Generator
Create strong, truly random passwords in your browser — with adjustable length, character sets and a live entropy estimate.
How this generator works
Passwords are built from the character sets you select using
crypto.getRandomValues() — the same cryptographically secure random source used
by password managers. Because the page is static, there is no server-side code involved at
all: you can even disconnect from the internet after loading the page and it keeps working.
What makes a password strong
- Length beats complexity: a 20-character password from letters only is stronger than 10 characters with symbols.
- Randomness: humans are terrible at being random — patterns like Name+Year are cracked first.
- Uniqueness: one site, one password. A manager makes this effortless.
Aim for at least 80–100 bits of entropy for accounts that matter; the entropy estimate is shown next to every generated password.
Frequently asked questions
Is it safe to generate a password online?
It is safe here because generation happens entirely in your browser using the Web Crypto API (crypto.getRandomValues). The password never travels over the network and we never see it.
How long should a password be?
For important accounts, 16 characters or more with mixed character sets is a good baseline — that is roughly 100+ bits of entropy, far beyond practical brute-force attacks.
What is password entropy?
Entropy measures unpredictability in bits: length × log₂(size of the character pool). Each extra bit doubles the number of guesses an attacker needs.
Should I reuse a strong password on several sites?
No. Data breaches leak passwords regardless of their strength. Use a unique password per site and store them in a password manager.