Password Generator

Reserved · Sponsored728 × 90 · zero layout shift

What this tool does

Generate strong, random passwords using the Web Crypto API's cryptographically secure random number generator — the same trusted source browsers use for keys and tokens, not Math.random(). Tune the length from 8 to 128 characters and choose which character sets to include, then check the live strength estimate before copying. Every password is generated locally in your browser and never transmitted anywhere.

How to use

  1. 1
    Set the length

    Drag the slider or type a value from 8 to 128 characters. Longer passwords are exponentially harder to brute-force.

  2. 2
    Choose character sets

    Toggle lowercase, uppercase, numbers, and symbols. Each selected set is guaranteed at least one character in the result, and all are mixed together for the rest.

  3. 3
    Generate

    Click Generate to produce a new password using crypto.getRandomValues(). Click again anytime for a fresh one with the same settings.

  4. 4
    Check strength and copy

    The strength meter estimates entropy from length and character-set size. Once you're happy with it, click Copy to place the password on your clipboard.

Use cases

  • Create a new account password

    Generate a long, high-entropy password for a new login instead of reusing or slightly modifying an existing one.

  • Rotate a compromised credential

    Quickly produce a strong replacement password after a breach notice, tuned to match the target system's character requirements.

  • Set a database or service secret

    Generate a long alphanumeric-and-symbol string for a database user, API secret, or environment variable.

  • Meet a specific complexity policy

    Toggle character sets on or off to match a picky password policy (e.g. no symbols allowed) while keeping length high.

FAQ

Is this actually secure randomness, or Math.random()?+

It uses crypto.getRandomValues(), the Web Crypto API's cryptographically secure random source — the same one used to generate encryption keys in browsers. Math.random() is never used. Character selection also uses rejection sampling to avoid modulo bias.

How is the strength score calculated?+

Strength is estimated from entropy in bits: password length multiplied by log2 of the size of the character sets you've enabled. More length and more character variety both increase the score, which is bucketed into weak, fair, strong, and excellent.

Why does it guarantee at least one character from each selected set?+

Purely random selection from a mixed pool can occasionally omit an enabled set entirely (e.g. no symbols in a 12-character password even with symbols enabled). This tool inserts one guaranteed character per selected set at a random position so the result always reflects every set you chose, without reducing overall randomness elsewhere.

Are generated passwords stored or sent anywhere?+

No. Generation and display happen entirely in your browser. Nothing is logged, transmitted, or persisted after you navigate away.

What symbols are included?+

A standard set of common punctuation and symbol characters widely accepted by password policies: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ — a mix broad enough to satisfy most complexity requirements.

Related tools