Password Generator — Secure Random Passwords in Your Browser
Set length, character sets, and strength level — cryptographically secure, nothing leaves your device
Generated using crypto.getRandomValues() — cryptographically secure, fully in-browser. Passwords are never sent anywhere.
A weak password is one of the most preventable security vulnerabilities in existence. This password generator uses your browser's cryptographically secure random number generator (the same source that powers TLS and encryption libraries) to produce passwords that are genuinely unpredictable. Every character is drawn from your chosen character pool using constant-time random selection, and the resulting password is shuffled using Fisher-Yates to ensure no positional bias.
The entropy meter shows you exactly how many bits of randomness your configuration provides. 80+ bits is considered strong for most purposes. 100+ bits is future-proof against current brute-force capabilities. Use the length slider to fine-tune your entropy target and the character set toggles to meet specific password policy requirements.
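The generation steps and the entropy figure described above, as an added JavaScript example (not this tool's own code). The character sets, the symbol list, the function names, the use of rejection sampling for unbiased selection and the one-character-per-set step are assumptions.

```javascript
// Added example: names, sets and the symbol list are assumptions, not the tool's code.
const rng = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : null);

const SETS = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{};:,.?',
};
const AMBIGUOUS = new Set('Il1O0');

// Uniform integer in [0, n) by rejection sampling: discard 32-bit values
// from the incomplete top range so that `% n` introduces no modulo bias.
function randomBelow(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError('bad n');
  const limit = Math.floor(2 ** 32 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function buildSets(enabled, excludeAmbiguous) {
  return enabled.map((name) => {
    const chars = [...SETS[name]];
    return excludeAmbiguous ? chars.filter((c) => !AMBIGUOUS.has(c)) : chars;
  });
}

function generatePassword(length, enabled, excludeAmbiguous = false) {
  const sets = buildSets(enabled, excludeAmbiguous);
  if (sets.length === 0 || length < sets.length) throw new RangeError('bad config');
  const pool = sets.flat();
  // One character from each enabled set (policy compliance), rest from the pool.
  const out = sets.map((s) => s[randomBelow(s.length)]);
  while (out.length < length) out.push(pool[randomBelow(pool.length)]);
  // Fisher-Yates shuffle: removes the positional bias of the forced characters.
  for (let i = out.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// Entropy estimate in bits: length * log2(pool size). Forcing one character
// per set makes the true figure slightly lower, so this is an upper bound.
function entropyBits(length, enabled, excludeAmbiguous = false) {
  return length * Math.log2(buildSets(enabled, excludeAmbiguous).flat().length);
}
```

With these assumed sets, excluding the five ambiguous characters shrinks the pool from 85 to 80 characters, which costs less than 0.1 bit per character.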
How to Generate a Secure Password
Configure your character sets and length, then copy — a strong password in under 5 seconds.
Set the length
Drag the length slider between 6 and 128 characters. The entropy indicator updates in real time. For most accounts, 20+ characters gives strong protection. For master passwords and encryption keys, 30+ is recommended.
Choose your character sets
Toggle uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), and symbols (!@#$...) on and off to match the requirements of the password policy you are working with. Enable Exclude ambiguous to remove characters like I, l, 1, O, 0 that can be confused when reading passwords aloud or copying by hand.
Copy and use
Click Regenerate for a new batch or copy any individual password from the list. The Eye button masks all passwords for privacy when others might see your screen. Passwords are never transmitted, logged, or stored anywhere.
Features
Cryptographically secure: uses crypto.getRandomValues()
Length slider from 6 to 128 characters
Toggle uppercase, lowercase, numbers, symbols independently
Exclude ambiguous characters option (I, l, 1, O, 0)
Entropy bits displayed with visual strength bar and label
Generate 1–20 passwords simultaneously
Eye toggle to mask/reveal passwords on screen
Copy individual passwords or regenerate the entire batch
Nothing uploaded — all generation is 100% local
Frequently Asked Questions
What makes a password generator cryptographically secure?
A cryptographically secure generator draws randomness from the operating system's entropy pool (hardware events, disk timing, etc.) rather than a predictable mathematical formula. This generator uses crypto.getRandomValues(), the browser API backed by your OS CSPRNG, to ensure output cannot be predicted or reproduced even if you know the algorithm.
How many bits of entropy do I need?
For typical account passwords, 60+ bits is adequate today. For sensitive accounts (banking, email, primary password manager), aim for 80+. For encryption keys and master passwords, 100+ bits provides a comfortable margin against foreseeable computing advances. This tool shows your exact entropy so you can make an informed choice.
Can I use these passwords offline?
Yes. The generator runs entirely in your browser. Once the page is loaded, you can disconnect from the internet and continue generating passwords. No request is ever made to a server during generation.
Why should I exclude ambiguous characters?
Characters like capital I, lowercase l, the digit 1, capital O, and the digit 0 are easily confused when reading a password aloud, copying from a printed sheet, or typing on certain fonts. Excluding them prevents transcription errors without significantly reducing entropy.
Is it safe to copy passwords into my password manager from this page?
Yes. Copying to your clipboard is local to your device and is not intercepted by this tool. Once you paste the password into your password manager, close the browser tab; the password is then no longer accessible from this page, although the clipboard keeps it until it is overwritten or cleared. The tool never stores or transmits any generated value.