🔒
Password Generator
Cryptographically random · Custom length & character sets
Space = new password
Strong Password Generator
Free online password generator. Create strong, cryptographically random passwords with custom length, uppercase, lowercase, numbers, and symbols. Uses the browser's built-in crypto API — nothing is sent to any server.
Free
No login
100% browser-based
No data sent to servers
What is a Strong Password Generator?
A strong password has three properties: it is long (16+ characters), random (not based on words or patterns), and unique (never reused across sites). Most password breaches happen because users pick short, predictable passwords or reuse the same one everywhere. A random generated password with uppercase, lowercase, numbers, and symbols has an astronomically large search space — brute-forcing it would take longer than the age of the universe.
This tool generates cryptographically random passwords using the browser's window.crypto.getRandomValues() API, the same source of randomness used by security software. You control length and character set. Nothing is sent to any server.
How to generate a strong password
1. Set the length to 16 characters minimum (20+ for email and banking). 2. Enable uppercase, lowercase, numbers, and symbols for maximum entropy. 3. Click Generate or press Ctrl+Enter. 4. Click the copy icon to copy to clipboard — the password is never stored anywhere. 5. Paste directly into your password manager.
Password entropy explained
Entropy measures how unpredictable a password is. A 16-character password using all character types has ~105 bits of entropy — it would take billions of years to brute-force at current computing speeds. Each additional character multiplies the search space by the character set size. Length matters more than complexity.
Are these passwords truly random?
Yes. This tool uses the Web Crypto API (window.crypto.getRandomValues()) — the same cryptographically secure random number generator used in browser security features. It's far more random than Math.random() and is suitable for generating real passwords.
What makes a password strong?
Strong passwords are long (16+ characters), include a mix of uppercase letters, lowercase letters, numbers, and symbols, and don't follow predictable patterns. Length matters most — a 20-character lowercase-only password is stronger than an 8-character mixed-case one.
How many possible combinations does my password have?
With all character types enabled: 26 upper + 26 lower + 10 digits + 32 symbols = 94 characters. A 16-character password has 94^16 ≈ 3.7 × 10^31 possible combinations — effectively impossible to brute-force.
Is it safe to generate passwords in a browser?
Yes — this tool generates passwords 100% in your browser using the Web Crypto API (crypto.getRandomValues). Nothing is sent to any server. You can even disconnect from the internet and it will still work. The generated passwords never leave your device.
How long should my password be?
Security researchers recommend 16+ characters for standard accounts, 20+ for email and banking (since email recovery can unlock everything else). Length is more important than complexity — a 20-character lowercase password is harder to crack than an 8-character one with symbols.
What's the difference between a passphrase and a random password?
A passphrase (e.g. "correct-horse-battery-staple") is easier to remember and can be very strong if long enough. A random password (e.g. "kX9#mP2@qL") is harder to memorise but highly resistant to dictionary attacks. For anything you need to type regularly, a passphrase is practical. For passwords stored in a password manager, use random characters.
Should I save these passwords in my browser?
Browser password managers are convenient but have risks if your device is compromised. For high-value accounts (banking, email, work), use a dedicated password manager like Bitwarden, 1Password, or KeePass. They offer stronger encryption, cross-device sync, and breach monitoring.