Password Generator

Generate strong passwords in your browser

This free password generator creates strong, random passwords using your browser's cryptographically secure random source. Choose a length, pick which character sets to include, and get a fresh password with a live strength estimate. Nothing is sent over the network, so the password exists only on your device.

No signup, no limits, no ads. Generate as many as you need.

How to use it

1. Set the length with the slider. Longer is stronger.
2. Choose character sets: lowercase, uppercase, numbers, and symbols. Turn on avoid look-alikes if the password will be typed by hand.
3. Read the strength bar to see the estimated entropy in bits.
4. Copy the password, or click regenerate for a new one.

Common use cases

• New accounts. Create a unique password for every signup and save it in your password manager.
• Rotating credentials. Replace a password that may have been exposed in a breach.
• Service and database accounts. Generate long machine credentials that are never typed by a human.
• Wi-Fi and device passwords. Use the avoid look-alikes option for passwords that get read off a label.
• API keys and secrets. Produce high-entropy random strings for tokens and shared secrets.

Why length beats complexity

The strength of a random password comes from entropy: the number of equally likely possibilities an attacker has to search. Adding length multiplies that space far faster than swapping a letter for a symbol. A 20-character password drawn from lowercase, upper, numbers, and symbols has well over 120 bits of entropy, which is beyond brute force for any realistic attacker. The one rule that matters more than any setting here is to never reuse a password across sites, so pair this generator with a password manager.

Frequently asked questions

Is the password sent anywhere?

No. Each password is generated in your browser using crypto.getRandomValues, the same cryptographically secure random source used for keys. It is never transmitted, logged, or stored on a server. Close the tab and it is gone.

Is this randomness actually secure?

Yes. The tool uses the Web Crypto API's CSPRNG and samples characters with rejection sampling so every character in your selected set is equally likely, with no modulo bias. That is meaningfully stronger than the Math.random used by many simple generators.

What does the entropy number mean?

Entropy, measured in bits, estimates how hard the password is to guess by brute force. It is the password length multiplied by the log base 2 of the character-set size. As a rule of thumb, 60 bits is fair, 80 bits is strong, and 128 bits is very strong.

How long should my password be?

For most accounts, 16 to 20 characters with a mix of character sets is excellent and lands in the strong-to-very-strong range. Length matters more than complexity, so a longer password from a smaller set can still be very strong.

What is the avoid look-alikes option?

It removes visually ambiguous characters such as the capital I, lowercase l, the digit 1, the capital O, and the digit 0. This is useful when a password might be read aloud or typed from a screen, at the small cost of a slightly smaller character set.

Should I reuse a generated password?

No. Generate a unique password for every account and store them in a password manager. Reuse is the single biggest cause of account takeovers, because a breach on one site then unlocks the others.