Password Generator
Configure the length and character types below to generate a cryptographically secure password. All randomness comes from your browser's Web Crypto API — your passwords are never sent to a server or stored anywhere.
Generated using crypto.getRandomValues() — never sent to a server.
Advertisement
Frequently Asked Questions
Is this password generator safe to use?
Yes. Passwords are generated entirely in your browser using the Web Crypto API (crypto.getRandomValues()), which produces cryptographically secure random values. Nothing is transmitted to any server — your generated passwords never leave your device.
What makes a strong password?
A strong password is long (16+ characters) and uses a mix of uppercase letters, lowercase letters, numbers, and symbols. Length matters most — a 20-character lowercase-only password has more entropy than an 8-character password using all character types.
What is the strength indicator based on?
Strength is calculated using Shannon entropy: length × log₂(charset size). This measures how many bits of randomness your password contains. We rate passwords as Weak (<40 bits), Fair (40–59), Strong (60–79), or Very Strong (80+).
Should I include symbols in my passwords?
Including symbols increases the character pool, which raises entropy. However, some websites restrict which symbols are allowed. If you're unsure, generate without symbols first — a 16-character password with letters and numbers is already Very Strong.
How long should my password be?
For most accounts, 16 characters is excellent. For high-value accounts (banking, email, password manager master password), 20–32 characters is recommended. Use a password manager so you only need to remember one strong master password.