Password Generator
Generate secure, random passwords with visual strength analysis. Customize length, characters, and complexity.
Advertisement
Generated Password
7.2:RVYu013$T0Y75::I
Password Strength
Length
20 chars
Entropy
129 bits
Crack Time
2158056614161B+ years
Strength
Excellent
Options
Advertisement
How to Use the Password Generator
A strong password is generated automatically when you open this page. Click the password to copy it instantly, or use the Copy button. Hit Generate to create a new password at any time.
Adjust the password length using the slider — longer passwords are exponentially harder to crack. For everyday accounts, 16-20 characters is excellent. For critical accounts like email, banking, or cryptocurrency wallets, use 24 or more characters.
Toggle character types to customize your password. Including uppercase, lowercase, numbers, and symbols maximizes the character pool and produces the strongest passwords. If a website restricts certain characters, uncheck that option and increase the length to compensate.
The strength meter shows real-time feedback as you adjust settings. It calculates Shannon entropy — the mathematical measure of randomness — and estimates how long a modern GPU cluster (10 billion guesses per second) would take to brute-force the password. Aim for “Very Strong” or better.
The Recent Passwords section keeps your last 10 generated passwords during the session, making it easy to go back if you need a previously generated password. These are never saved to disk — refreshing the page clears the history.
Frequently Asked Questions
Are passwords generated here truly random?
Yes. This tool uses the Web Crypto API (crypto.getRandomValues()) which provides cryptographically secure random number generation built into your browser. This is the same randomness source used by security software, encryption libraries, and password managers. No pseudo-random fallback is used.
Is it safe to generate passwords in a browser?
Yes. All password generation happens entirely in your browser using JavaScript. No passwords are ever sent to a server, stored in a database, or logged anywhere. You can verify this by disconnecting from the internet — the tool works offline. For maximum security, you can open this page in a private/incognito window.
How long should my password be?
For most accounts, 16-20 characters is recommended. For high-security accounts (banking, email, crypto), use 24+ characters. The minimum recommended length is 12 characters. Each additional character exponentially increases the time needed to crack the password. A 20-character password with all character types has over 130 bits of entropy.
What is entropy and why does it matter?
Entropy measures the randomness of a password in bits. Higher entropy means more possible combinations an attacker would need to try. A password with 40 bits of entropy has 2^40 (about 1 trillion) possible combinations. For strong security, aim for 80+ bits. For critical accounts, 128+ bits is recommended. This tool calculates entropy based on your selected character pool and password length.
Should I include symbols in my password?
Including symbols significantly increases security by expanding the character pool. A 16-character password with letters only has about 75 bits of entropy, while adding numbers and symbols increases it to about 105 bits. However, some systems don't accept certain symbols. If a site restricts special characters, compensate with a longer password.
What does 'Exclude Ambiguous' mean?
The 'Exclude Ambiguous' option removes characters that look similar in many fonts: 0 (zero) and O (letter), 1 (one) and l (lowercase L) and I (uppercase i). This is useful when you need to read or type the password manually, such as entering it on a different device without copy-paste.