Password Generator

Create strong, truly random passwords in your browser — with adjustable length, character sets and a live entropy estimate.

Your password · ~103 bits of entropy
Generated locally with a cryptographic random source. Never sent anywhere.

How this generator works

Passwords are built from the character sets you select using crypto.getRandomValues() — the same cryptographically secure random source used by password managers. Because the page is static, there is no server-side code involved at all: you can even disconnect from the internet after loading the page and it keeps working.

What makes a password strong

  • Length beats complexity: a 20-character password from letters only is stronger than 10 characters with symbols.
  • Randomness: humans are terrible at being random — patterns like Name+Year are cracked first.
  • Uniqueness: one site, one password. A manager makes this effortless.

Aim for at least 80–100 bits of entropy for accounts that matter; the entropy estimate is shown next to every generated password.

Frequently asked questions

Is it safe to generate a password online?

It is safe here because generation happens entirely in your browser using the Web Crypto API (crypto.getRandomValues). The password never travels over the network and we never see it.

How long should a password be?

For important accounts, 16 characters or more with mixed character sets is a good baseline — that is roughly 100+ bits of entropy, far beyond practical brute-force attacks.

What is password entropy?

Entropy measures unpredictability in bits: length × log₂(size of the character pool). Each extra bit doubles the number of guesses an attacker needs.

Should I reuse a strong password on several sites?

No. Data breaches leak passwords regardless of their strength. Use a unique password per site and store them in a password manager.