Password Generator

Generate cryptographically secure random passwords using your browser's Web Crypto API. Set the length, pick your character types, and copy instantly.

All processing is client-side — your data never leaves your browser.

Generated Password -

Options

Length 16

Uppercase (A-Z) Lowercase (a-z) Numbers (0-9) Symbols (!@#$...) Exclude ambiguous characters (0, O, l, 1, I)

5 Password Variations same settings

About Password Security

Cryptographic randomness

This generator uses crypto.getRandomValues(), part of the Web Crypto API available in every modern browser. It draws entropy from your operating system's CSPRNG — the same source used for TLS session keys. Math.random() is never used here.

Password length guide

8 characters: meets minimum requirements but is increasingly crackable. 12-16 characters: solid for most accounts. 20+ characters: recommended for password manager master passwords, SSH keys, and admin credentials. Longer is always better.

Character diversity

Adding each character class multiplies the search space. Lowercase only at 8 chars = ~200 billion combinations. Adding uppercase, numbers, and symbols at 16 chars raises that to over 8 quadrillion. Each extra class forces attackers to search a far larger space.

Why symbols matter

Symbols expand the charset from 62 to ~90 characters per position. At 16 characters that is the difference between 10²⁸ and 10³¹ possible passwords — roughly 1,000x harder to brute-force. Most credential-stuffing attacks skip symbol-heavy passwords entirely.

How to use

1
Configure your password
Set the desired length (8–64 characters) and choose which character types to include — uppercase, lowercase, numbers, symbols.
2
Click Generate
A new password is generated instantly using the browser's Web Crypto API.
3
Copy and use
Click the copy button to grab the password. Use the strength indicator to verify it meets your security requirements.

Frequently asked questions

Is the generator cryptographically secure?

Yes. Passwords are generated using crypto.getRandomValues() from the browser's Web Crypto API, which uses your operating system's CSPRNG. This is the same entropy source used for TLS keys — not a predictable pseudo-random algorithm.

What password length should I use?

Use at least 16 characters for most accounts. For high-value accounts (banking, primary email, password manager master password), 24 characters or more is recommended. Length is more important than complexity.

What does "exclude ambiguous characters" do?

It removes characters that look visually similar and are easy to confuse when reading or typing: 0 (zero) and O (letter O), 1 (one) and l (lowercase L) and I (uppercase I). Useful when you need to type the password manually rather than copy-paste it.

Can I generate multiple passwords?

Yes — the tool generates 5 password variations at a time. Click Generate again for a fresh set, or click the individual refresh icon next to any single password.