Generators

Password Generator

Generate strong, random passwords with custom length and character sets — everything runs locally in your browser.

What is a password generator?

A password generator is a tool that builds a random password for you, one character at a time, drawing from a pool of upper- and lowercase letters, numbers, and symbols. The value of using one instead of making up a password yourself is simple: humans pick predictable patterns, machines don't. This generator uses your browser's Web Crypto API — the same cryptographically secure randomness source used by banking and authentication code — rather than the weak 'Math.random()' fallback some online generators use. You control the length and which character classes to include; a 16-character password with three classes is already well past the point where brute-force cracking is feasible. Passwords are created on your device and never sent anywhere.

How to use the password generator

1
Set the length
Drag the slider. 12 is the short-but-acceptable floor; 16 is a good all-purpose length; 20+ is recommended for important accounts (email, banking, password manager master password).
2
Pick your character classes
Turn on uppercase, lowercase, numbers, and symbols as the target site allows. More classes = higher entropy per character, which means you can use a shorter password for the same strength.
3
(Optional) Exclude ambiguous characters
Turns off the characters that look alike in many fonts (capital I, lowercase l, digit 1, capital O, digit 0). Useful if you'll ever need to type the password from a printed or screenshotted copy.
4
Regenerate or copy
Tap the refresh icon to roll a new password, or the copy icon to send the current one to your clipboard. Paste it straight into a password manager — don't rely on memorising it.

How password strength is scored

entropy = length × log₂(charset_size)
 
charset sizes for each class:
  uppercase (A–Z)      = 26
  lowercase (a–z)      = 26
  digits    (0–9)      = 10
  symbols   (25 shown) = 25
 
strength bands (bits of entropy):
  <40  Very weak      60–80  Strong
  40–60  Weak         80–100 Strong
  60–80  Fair         ≥100 Very strong

Entropy is measured in bits — each bit doubles the number of possible passwords an attacker must try. A 12-character alphanumeric-lowercase password has log₂(36¹²) ≈ 62 bits, which is 'fair'; a 16-character password with all four classes hits about 105 bits, which is beyond what any practical brute-force attack can reach. The strength meter in this tool uses this entropy calculation, not a dictionary lookup, so it can't catch a generator that spits out 'password123' (though since this tool picks every character at random, that scenario is vanishingly unlikely).

Reference: NIST SP 800-63B — Password guidelines

Examples

Settings	Entropy & notes
Length 8 · lowercase only	~38 bits — Very weak Crackable offline in hours with commodity hardware. Don't use this profile.
Length 12 · upper + lower + digits	~71 bits — Fair Acceptable for low-risk accounts with rate-limited login. Prefer 16+ for anything you care about.
Length 20 · all four classes	~131 bits — Very strong Well beyond any realistic offline-crack threat. Use this profile for password-manager master passwords and other high-value credentials.

Common use cases

Creating a unique password for each new account you sign up for
Rotating the password on an old account that has been in a data breach
Seeding a password manager with strong random passwords
Generating short-lived API tokens or one-off shared secrets
Producing a strong master password for your vault
Making PINs or short access codes when a site limits allowed characters

Related tools

Age Calculator

Calculate your exact age in years, months, and days from any date of birth.

BMI Calculator

Check body mass index from height and weight using metric or imperial units.

Percentage Calculator

Work out percentages, percentage change, and percentage of a total in seconds.

Tip Calculator

Add a tip, split the bill, and share the total evenly across a group.

Frequently asked questions

How long should my password be?

For everyday accounts, 16 characters with at least three character classes is a solid baseline. For high-value accounts (primary email, password manager master password, crypto wallet), use 20 or more. For anything storing real money or sensitive data, 24+ is reasonable and costs you nothing when you're storing it in a password manager anyway.

Are the passwords this tool generates really random?

Yes. The generator uses the browser's Web Crypto API (crypto.getRandomValues), which is a cryptographically secure pseudo-random number generator seeded from the operating system's entropy pool — the same source web browsers use for cryptographic keys. It is not 'Math.random', which is deterministic and predictable.

Is my password saved or sent anywhere?

No. The password is generated entirely on your device, lives only in the page's memory and your clipboard, and never touches a server. Close the tab and it's gone — copy it into a password manager before you do.

Should I include symbols?

Include symbols where the site accepts them — each symbol class adds entropy per character. Some legacy sites reject symbols or restrict to a subset; in that case increase the length to compensate (adding 2–3 characters of length roughly makes up for dropping symbols).

What does 'exclude ambiguous characters' do?

It removes the characters that look alike in common fonts — capital I, lowercase l, digit 1, capital O, and digit 0 — from the pool. That makes passwords easier to transcribe by hand or read from a screenshot, at a tiny cost to entropy (effective charset shrinks slightly). Leave it off if your password will only ever be pasted.

Is it safe to use an online password generator?

Only if the password is generated client-side, as this one is. A server-side generator could log or store the passwords it returns. View the page source to confirm — the generator here runs in a single client-side React component using crypto.getRandomValues; there is no network call involved in producing a password.

How often should I change my passwords?

Current NIST guidance says you should not rotate passwords on a schedule — rotation just leads to weaker passwords and reuse. Instead, change a password only when there's a reason: you suspect it's been exposed, you're notified of a breach on the site, or you're upgrading from a weak password to a generated one. Use a password manager so you can afford to make every one unique.

Last updated 2026-04-17

What is a password generator?

How to use the password generator

Set the length

Drag the slider. 12 is the short-but-acceptable floor; 16 is a good all-purpose length; 20+ is recommended for important accounts (email, banking, password manager master password).

Pick your character classes

Turn on uppercase, lowercase, numbers, and symbols as the target site allows. More classes = higher entropy per character, which means you can use a shorter password for the same strength.

(Optional) Exclude ambiguous characters

Turns off the characters that look alike in many fonts (capital I, lowercase l, digit 1, capital O, digit 0). Useful if you'll ever need to type the password from a printed or screenshotted copy.

Regenerate or copy

Tap the refresh icon to roll a new password, or the copy icon to send the current one to your clipboard. Paste it straight into a password manager — don't rely on memorising it.

How password strength is scored

entropy = length × log₂(charset_size)
 
charset sizes for each class:
  uppercase (A–Z)      = 26
  lowercase (a–z)      = 26
  digits    (0–9)      = 10
  symbols   (25 shown) = 25
 
strength bands (bits of entropy):
  <40  Very weak      60–80  Strong
  40–60  Weak         80–100 Strong
  60–80  Fair         ≥100 Very strong

Examples

Settings	Entropy & notes
Length 8 · lowercase only	~38 bits — Very weak Crackable offline in hours with commodity hardware. Don't use this profile.
Length 12 · upper + lower + digits	~71 bits — Fair Acceptable for low-risk accounts with rate-limited login. Prefer 16+ for anything you care about.
Length 20 · all four classes	~131 bits — Very strong Well beyond any realistic offline-crack threat. Use this profile for password-manager master passwords and other high-value credentials.

Common use cases

Creating a unique password for each new account you sign up for

Rotating the password on an old account that has been in a data breach

Seeding a password manager with strong random passwords

Generating short-lived API tokens or one-off shared secrets

Producing a strong master password for your vault

Making PINs or short access codes when a site limits allowed characters