Password Generator

Generate cryptographically strong passwords using crypto.getRandomValues() — never Math.random().

IT teams and security-conscious users creating unique passwords for every account.

How to use it

  1. Set your options

    Choose the length and which character types to include — uppercase, lowercase, numbers, and symbols. More types and length means stronger.

  2. Generate

    A fresh password appears instantly, with its entropy in bits shown so you can see how strong it is. Regenerate until you are happy.

  3. Copy and store

    Click Copy and paste it into your password manager or the signup form. Never reuse it on another account.

Why use this tool?

Reused and guessable passwords are behind the majority of account breaches. The moment one site you use leaks its database, attackers try that same email-and-password combination everywhere else — so a single weak password can unlock your email, bank, and social accounts at once. The only real defence is a long, random, unique password for every account, which is impossible to invent in your head and tedious to type by hand. This generator creates them properly. It uses your browser’s cryptographic randomness — window.crypto.getRandomValues(), not the predictable Math.random() — so the output is genuinely unguessable, and it shows the entropy in bits as a live strength gauge. You control the length and whether to include uppercase, lowercase, numbers, and symbols. Everything happens on your device: the password is never sent over the network, logged, or stored anywhere, so it is safe to generate even for your most sensitive accounts. Generate, copy, and save it straight into your password manager.

Common use cases

Everyday account security

Create a unique strong password for every new signup so one leaked site can never compromise your other accounts.

IT & administrators

Generate strong temporary credentials for new user accounts, routers, databases, and shared systems.

Developers

Produce random secrets for environment variables, API keys, JWT signing keys, and webhook tokens.

Resetting after a breach

Quickly roll new passwords for every affected account when a service you use reports a data breach.

Wi-Fi & devices

Set a long, random password on your router or IoT devices that no one can guess or brute-force.

Frequently asked questions

Is this truly random and secure?

Yes. It uses window.crypto.getRandomValues(), the browser’s cryptographically secure random source — far safer than the predictable Math.random() many generators rely on.

Is the password sent anywhere?

No. Generation is 100% client-side. Nothing is transmitted, logged, or stored, so even passwords for sensitive accounts stay private.

How long should my password be?

16+ characters with mixed types is strong for everyday use. For high-value accounts, go 24+ characters.

What does "entropy in bits" mean?

It measures unpredictability — how hard the password is to brute-force. Roughly: 80+ bits is strong, 128+ bits is excellent.

Should I include symbols?

Yes where the site allows them — they increase entropy. If a site rejects symbols, compensate with extra length.

How do I remember these?

You don’t — that’s the point. Store each one in a password manager and only memorise the single master password.

Are generated passwords ever repeated?

The odds of a collision at reasonable lengths are astronomically small, so each generated password is effectively unique.

Is it free with no limits?

Yes — completely free, no sign-up, and you can generate as many passwords as you want.

Related tools