Password Generator
Create strong, random passwords right in your browser. No data sent to any server.
How the password generator works
A strong password is the first line of defense for your accounts. Its strength depends on two things: length and the variety of characters used. The longer a password is, and the more it draws on different character sets (lowercase, uppercase, digits and symbols), the harder it becomes to guess or brute-force with an automated attack. This tool generates fully random passwords according to the criteria you choose, right in your browser.
Randomness comes from the browser's Web Crypto API (crypto.getRandomValues), a cryptographic-quality source of random numbers — far safer than a plain Math.random(). To avoid statistical bias when picking characters, the tool uses a technique called rejection sampling, which ensures every character in the set has exactly the same probability of being chosen.
You can adjust the length, toggle individual character types on or off, and exclude ambiguous characters (like O and 0, or l and 1) for passwords that are easier to read and transcribe. The strength indicator estimates entropy in bits — how unpredictable the password is. Everything happens in your browser: no password is ever sent to or stored on a server.
Frequently asked questions
- Are passwords generated on a server?
- No. Generation happens entirely in your browser via the Web Crypto API. No password is transmitted or stored — after the page first loads you can even use the tool offline.
- How long should a secure password be?
- As a rule of thumb, at least 12–16 characters with a mix of lowercase, uppercase, digits and symbols. Longer is better: length matters more for security than the complexity of individual characters.
- What does the strength indicator mean?
- It estimates the password's entropy in bits — how unpredictable it is. Roughly: below 40 bits is weak, above 80 bits is very strong. It's a theoretical estimate based on length and character-set size.
- Why exclude ambiguous characters?
- Characters like O and 0, or l (lowercase L) and 1, can be confused when a password is read or transcribed by hand. Excluding them makes the password more convenient, reducing the character space only slightly.