Password Generator
Generate strong, cryptographically secure passwords with customisable rules.
Character Types
Exclude
How the Password Generator Works
Adjust the length slider and toggle character sets — the password updates instantly without clicking anything. Use Regenerate for a new random password with the same settings, or switch to Generate multiple to produce a batch you can pick from. Everything runs in your browser using crypto.getRandomValues(), a cryptographically secure API built into every modern browser.
Frequently Asked Questions
+How is this password generator secure?
It uses window.crypto.getRandomValues(), the browser's cryptographically secure pseudo-random number generator (CSPRNG). Unlike Math.random(), which is deterministic and predictable, crypto.getRandomValues() is designed for security-sensitive use. Passwords are generated entirely in your browser — nothing leaves your device.
+What makes a strong password?
Three factors: length, character-set diversity, and unpredictability. A 16-character password using all character types has roughly 100 bits of entropy — well beyond the reach of any brute-force attack with current hardware. Avoid dictionary words, keyboard patterns, and personal information.
+Should I use symbols in my password?
Yes, when the service allows it. Adding symbols expands the effective character pool from 62 to ~94 characters, adding about 1 extra bit of entropy per character. Some services restrict certain symbols — compensate by increasing the length when you can't use all character types.
+How long should my password be?
At minimum 12 characters for general accounts, 16+ for sensitive ones (email, banking, cloud storage), and 20+ for a password manager master password. The slider goes up to 64 — for critical accounts, use the full length.
+Can you see the passwords I generate?
No. Generation happens entirely in JavaScript in your browser tab. No network request is made, nothing is logged, and the generated password never leaves your device. You can disconnect from the internet and the tool continues to work.
+Why use a generator instead of making a password up?
Humans are poor at true randomness. Studies show 91% of user-chosen passwords follow predictable patterns — names, dates, keyboard walks, or dictionary words with substitutions. A CSPRNG draws from a uniform distribution with no such bias, making every character genuinely unpredictable.