Password Generator

Generate cryptographically random passwords. Customize the length and character sets, and generate passwords in bulk. Uses crypto.getRandomValues(), never Math.random().

crypto.getRandomValues() · Never uploaded · Never stored

Password strength guide

  • Weak — under 40 bits entropy. Avoid for anything important.
  • Fair — 40–60 bits. OK for low-value accounts.
  • Good — 60–80 bits. Suitable for most accounts.
  • Strong — 80–100 bits. Recommended minimum.
  • Very strong — 100+ bits. Use this for critical accounts.

Best practices

  • Use a unique password for every account
  • Use a password manager to store them
  • 16+ characters with mixed types is sufficient
  • Longer is better than more symbol types
  • Never reuse passwords across sites

Frequently Asked Questions

Is this password generator truly random?

Yes. It uses crypto.getRandomValues(), which draws from the operating system's cryptographically secure random number generator (CSPRNG). This is the same source used for cryptographic key generation — not Math.random(), which is not cryptographically secure.

Are my passwords saved anywhere?

No. Passwords are generated entirely in your browser. Nothing is transmitted to any server. You can disconnect from the internet and the generator still works. Check your browser's network tab to verify.

What is entropy and why does it matter?

Entropy measures how hard a password is to guess, in bits. Each additional bit doubles the search space. A 60-bit password has 2^60 ≈ 1 quintillion possible values. With 10 billion guesses per second, cracking it would take ~36 years on average.

How long should my password be?

For most accounts, 16 characters with mixed types (uppercase, lowercase, numbers, symbols) provides ~95 bits of entropy — effectively uncrackable by brute force. For critical accounts like email or bank, use 20+ characters.
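
The answers above on randomness and entropy, together with the strength guide, can be tied together in code. The following is an added example, not this site's own code: it draws characters with crypto.getRandomValues() using rejection sampling (so no character is favoured by modulo bias) and rates the result with the guide's thresholds. The character sets in SETS and all function names are assumptions, and the entropy formula only holds for passwords chosen uniformly at random like this.

```javascript
// Added example, not this site's code. Runs in a browser; under Node it
// falls back to node:crypto's webcrypto when globalThis.crypto is absent.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const SETS = { // assumed character sets; the page does not list its own
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{};:,.?',
};

// Uniform integer in [0, n) by rejection sampling. A plain `value % n`
// over-selects the low indices whenever n does not divide 2^32.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 2 ** 32) throw new RangeError('bad n');
  const limit = Math.floor(2 ** 32 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit); // discard the biased tail and draw again
  return buf[0] % n;
}

function generatePassword(length, alphabet) {
  const chars = [...new Set(alphabet)]; // duplicates would skew the distribution
  if (chars.length < 2) throw new RangeError('alphabet too small');
  let out = '';
  for (let i = 0; i < length; i++) out += chars[randomIndex(chars.length)];
  return out;
}

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Labels and thresholds from the strength guide above
// (a value on a boundary is given the higher label).
function strengthLabel(bits) {
  if (bits < 40) return 'Weak';
  if (bits < 60) return 'Fair';
  if (bits < 80) return 'Good';
  if (bits < 100) return 'Strong';
  return 'Very strong';
}
```
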