Skip to content

Password Generator

In-browser only Web Crypto API crypto.getRandomValues()
R RegenerateC Copy
Character types
Exclude ambiguous charactersRemoves 0 O 1 l I 5 S B 8
Bulk generation
Generated password
Strength

Generated in your browser using crypto.getRandomValues().
Related tools View all →

Overview

Strong passwords, generated on your device

Create strong random passwords or memorable passphrases instantly. Tune length, character types, and word count, and read the live entropy-based strength meter. Runs entirely in your browser — nothing leaves this page.

  • Random password & passphrase modes
  • Length 6–64 / 3–10 words
  • Live entropy-based strength meter
  • Exclude look-alike characters
  • Bulk generate up to 100
  • Runs entirely in your browser
  • Generated entirely in your browser
  • Cryptographically secure randomness
  • Nothing sent to a server or stored
  • Works offline once the page loads
  • New account registration
  • Replacing a breached password
  • Wi-Fi and router passphrases
  • API keys and service credentials
  • Database and admin secrets

Guide

How to Use

  1. 1
    Pick a password type

    Use the Random Password tab for a high-entropy string, or the Passphrase tab for a sequence of words that is easier to remember and type.

  2. 2
    Tune the settings

    Set the length and toggle character types (or, for passphrases, the word count, separator and capitalization). Turn on Exclude ambiguous characters when you will type the password by hand. The strength meter updates as you go.

  3. 3
    Regenerate until satisfied

    Each Regenerate (or the R key) produces a fresh value with the same settings. Use the reveal toggle to mask it while you work.

  4. 4
    Copy it

    Click Copy (or press C) and paste straight into your password manager or the registration form.

  5. 5
    Generate in bulk

    Turn on Bulk generation, choose a count, then copy them all at once or download the list as a .txt file.

Reference

Strength by Configuration

Strength by Configuration
ConfigurationPool sizeEntropyRating
8 chars, lowercase only26~38 bitsWeak
12 chars, all types~88~78 bitsStrong
16 chars, all types~88~103 bitsVery Strong
4-word passphrase7,776 words~51 bitsFair
6-word passphrase7,776 words~77 bitsStrong

Pitfalls

Common Mistakes

  • Reusing one password everywhere

    If a single site is breached, every account sharing that password is exposed. Generate a unique password for each account and store them in a password manager.

  • Choosing too short a password

    An 8-character password can be cracked quickly with modern hardware, even with symbols. Use at least 12 characters, or a 4-word passphrase for memorable accounts.

  • Excluding character types to make typing easier

    Every type you disable shrinks the pool and lowers entropy. Keep all types on when a password manager handles typing; only exclude ambiguous characters when you must enter it by hand.

  • Treating a passphrase as weak because it is words

    A random 4-word passphrase from a 7,776-word list has roughly 51 bits of entropy — strength comes from random selection, not obscurity. Never hand-pick the words yourself.

Frequently Asked Questions

Are the passwords stored or sent anywhere?
No. Every password is generated entirely in your browser using your device's built-in cryptographic random number generator. Nothing is sent to a server or saved to storage. You can disconnect from the internet and the tool still works.
How is the randomness generated?
This tool uses crypto.getRandomValues(), a cryptographically secure random number generator built into every modern browser. It draws from the operating system's entropy source — far stronger than Math.random(), which is predictable and unsuitable for security.
How long should my password be?
Use at least 12 characters for everyday accounts, 16 or more for important accounts such as email and banking, and 20 or more for high-value targets like admin accounts and crypto wallets. With all character types enabled, a 16-character password has about 103 bits of entropy.
Should I use a random password or a passphrase?
Both can be strong. Random passwords pack the most entropy per character and suit password managers. Passphrases are longer but far easier to remember and type, which helps for accounts you must enter by hand. A 4-word passphrase reaches about 51 bits; 6 words reach about 77 bits.
What is entropy and how is it measured?
Entropy measures how unpredictable a password is, expressed in bits. For random passwords it is length times log2(pool size); for passphrases it is word count times log2(wordlist size). The strength meter labels values as Weak below 40 bits, Fair 40–59, Strong 60–79, and Very Strong at 80 and above.
What does "exclude ambiguous characters" do?
It removes characters that look alike in many fonts — 0 and O, 1 and l and I, 5 and S, 8 and B. This helps when you must type a password by hand on a device without paste. It is off by default because excluding characters slightly lowers entropy.
How do I generate many passwords at once?
Turn on Bulk generation, set a count between 1 and 100, and click Generate. You can copy every password at once or download the full list as a plain-text file. Bulk generation works in both random and passphrase modes.
Can I use this tool offline?
Yes. Once the page has loaded, password generation, the strength meter, and copying all work with no network connection. You can disconnect from the internet and keep generating passwords.