Password & Security · Available

Password Generator

Generate strong, cryptographically secure passwords with full control over length and character rules.

Nothing leaves your device Instant generation Works offline

Options

16 chars
43264128
Character types
Exclusions

Your password

Very Weak
Adjust the options to generate a password.
Strength0 bits · crack time Instant

Quality checklist

  • Uppercase (A–Z)
  • Lowercase (a–z)
  • Numbers (0–9)
  • Symbols
  • Length ≥ 12
  • High entropy (≥ 60 bits)
  • Cryptographically secure RNG

Session history

Last 10 passwords from this session. Cleared automatically on refresh.

No history yet — generate a password to fill it in.

Security tips

Never reuse passwords

A breach on one site instantly compromises every account sharing that password.

Use a password manager

Store unique passwords in a trusted manager — you only need to remember one strong master password.

Enable Multi-Factor Authentication

Even a leaked password can't unlock an account protected by an authenticator app or hardware key.

Prefer length over complexity

A 20-character password is exponentially stronger than an 8-character one packed with symbols.

Avoid dictionary words and personal info

Names, birthdays, and common words are the first thing attackers try.

Rotate after a compromise

If a service you use is breached, change that password immediately and anywhere it was reused.

How it works

Every password is generated locally with window.crypto.getRandomValues, the browser's cryptographically secure random source. We use rejection sampling so every character in your chosen pool has a perfectly uniform probability — no modulo bias, no predictable patterns.

When you require every selected category, we seed the password with one character from each pool before filling the rest, then shuffle the whole thing. Nothing ever leaves your device: no analytics ping, no server round-trip, no persistent storage.

Strong passwords rely on two properties: length and a large character pool. Both increase entropy — the number of possible passwords an attacker has to try. A 16-character random password from 90 characters is roughly 1031 possibilities, out of reach of even nation-state attackers using offline GPU cracking.

Weak vs. strong passwords

  • Weak: dictionary words, names, birth years, keyboard patterns (qwerty123), or anything shorter than 8 characters.
  • Better: a random 12+ character mix with upper, lower, digits, and symbols.
  • Best: 20+ random characters stored in a password manager, plus multi-factor authentication on every important account.

How to use Password Generator

  1. 1

    Pick a length — 16 characters is a strong default.

  2. 2

    Choose which character types to include and which to exclude.

  3. 3

    The password regenerates instantly and shows a live strength score.

  4. 4

    Copy it into your password manager, download it, or print it — then move on.

Frequently asked questions