PASSWORD GENERATOR
Generate strong, random passwords with custom length, character sets, and strength meter. Runs entirely in your browser.
Charset size: 88 characters
// click a button above to generate multiple passwords at once
Open-source, end-to-end encrypted password manager from Proton. Stores passwords, 2FA codes, and notes — no tracking, no ads, ever.
>TRY PROTON PASS→Generated a strong password? Keep it safe with NordPass — a zero-knowledge password manager that autofills on all your devices.
>TRY NORDPASS FREE→// PASSWORD SECURITY
Why Random Passwords Matter
Humans are predictable. We reuse passwords, use names and dates, and follow patterns attackers know to exploit. A truly random password — generated by a computer, not chosen by a person — eliminates these patterns entirely. Even a 12-character random password using mixed characters has more combinations than there are atoms in a gram of sand, making brute-force attacks computationally infeasible.
How This Generator Works (No Server Involved)
Passwords are generated using window.crypto.getRandomValues() — the same cryptographically secure API your browser uses for HTTPS. Generation happens entirely in your browser; nothing is transmitted, logged, or stored. You can disconnect from the internet and this tool will still work perfectly.
Always Use a Password Manager
A strong password is useless if you reuse it. The only practical way to use a unique, strong password for every site is a password manager. Generate a password here, then save it in a manager like Bitwarden (free, open source), ProtonPass, or 1Password. Your master password is the only one you need to remember — make it a long passphrase.
Understanding Password Entropy
Entropy (measured in bits) represents how hard a password is to guess. Each additional bit doubles the number of possible combinations. A 64-bit password has 18 quintillion combinations; 128-bit has over 340 undecillion. The strength meter above shows your password's entropy in real time. Target 80+ bits for regular accounts and 100+ bits for email, banking, and password manager logins.
Contact us to advertise here
// FAQ
FREQUENTLY ASKED QUESTIONS
Q1.Are generated passwords saved or logged?
No. Password generation happens entirely in your browser using the Web Crypto API's cryptographically secure random number generator. Nothing is sent to any server, logged, or stored.
Q2.What makes a password strong?
Length and character variety. A 20-character password using uppercase, lowercase, numbers, and symbols has over 130 bits of entropy — effectively uncrackable by brute force. Aim for at least 16 characters with mixed character types.
Q3.What is the 'No Ambiguous' option?
It excludes characters that look similar in many fonts: 0 (zero) and O (letter O), 1 (one) and l (lowercase L) and I (uppercase i). Useful when you need to type or read a password rather than copy/paste it.
Q4.Should I use a password manager?
Yes — always. A password manager lets you use a unique, strong password for every site without memorizing them. Use this generator to create passwords, then store them in a manager like Bitwarden (free), 1Password, or your browser's built-in manager.
Q5.How random are these passwords?
They use window.crypto.getRandomValues() — the same cryptographically secure random number generator used by browsers for TLS/HTTPS. This is significantly more random than Math.random() and suitable for security-sensitive use.
Q6.How long should my password be?
For most accounts, 16–20 characters is considered very strong today. For high-value accounts (email, banking, password manager master password), use 20+ characters. Length matters more than complexity: a 20-character lowercase-only password is harder to brute-force than a 10-character one with symbols. The strength meter on this tool shows entropy in bits — aim for 80+ bits for everyday accounts and 100+ bits for critical ones.
Q7.What is a passphrase and is it better than a random password?
A passphrase is a sequence of random words (e.g., "correct-horse-battery-staple") that is long, memorable, and strong. A 4-word passphrase has roughly 44 bits of entropy; a 6-word passphrase exceeds 77 bits. Random character passwords are harder to crack per character but harder to memorize. For accounts you type manually, a passphrase may be more practical. For accounts stored in a password manager, use a fully random password.