Password Generator
Generate strong, random passwords with customizable length and character options. All generation happens in your browser.
How It Works
The Password Generator produces strong, random passwords using the browser’s crypto.getRandomValues — a cryptographically secure source backed by your operating system’s entropy pool, the same source used for TLS keys and session tokens. Choose a length and toggle which character pools to include (uppercase A–Z, lowercase a–z, digits 0–9, and symbols), and the tool draws each character uniformly from the combined pool, which means every password is statistically independent and equally hard to guess. Alongside the password, the tool displays the entropy in bits — log2 of (poolSize ^ length) — so you can see at a glance how strong the password is. As a rough guide: under 60 bits is weak (crackable by a determined attacker), 80 bits is reasonable for ordinary accounts, 128 bits is strong even against the largest known cracking rigs. Click Regenerate for a fresh password; nothing is stored, logged, or transmitted, and the password exists only in the current tab.
Use Cases
- Creating a strong master password for a password manager
- Generating random credentials for a new service account
- Producing a high-entropy passphrase for disk encryption
- Teaching users about password strength and character pool size
Frequently Asked Questions
- Is the random source actually secure?
- Yes — crypto.getRandomValues is backed by the OS's secure random source (urandom on Linux/macOS, BCryptGenRandom on Windows). It is the same source TLS uses for keys.
- How many bits of entropy do I need?
- At least 80 for normal accounts, 100+ for anything sensitive. The displayed entropy assumes character independence — a uniform random password meets the assumption; human-chosen ones rarely do.
- Why do some sites reject generated passwords?
- Some sites disallow specific characters or impose maximum lengths. Re-generate with the symbol set turned off, or shorten the length to satisfy the form.
- Is the password sent anywhere?
- No. Generation happens in your browser and the password exists only in the page until you copy it elsewhere.
- Should I use a passphrase instead?
- A long random passphrase (5–7 words from a large list) reaches comparable entropy and is easier to memorise. This tool focuses on character-based passwords; for diceware-style passphrases, use a dedicated tool.