Password Generator
Create strong, random passwords in a click. Pick the length and character types, and a cryptographically secure password is generated right in your browser — never sent anywhere.
Passwords are generated locally in your browser using the secure Web Crypto API. Nothing is ever sent to a server, logged, or stored.
Understanding the Password Generator
The Password Generator creates strong, random passwords directly in your browser — ideal for anyone setting up a new account, rotating an old password, or building credentials for a team or device. You control the length (4 to 64 characters) and exactly which character types to include: uppercase, lowercase, numbers, and symbols, with an option to drop look-alike characters. A live strength meter shows roughly how hard the result is to crack. Because every password is produced locally using the browser's cryptographic random generator, nothing is ever uploaded, logged, or saved. Only you see the password, making it safe for real-world use.
How it works
When you adjust any control, the tool first assembles an allowed character set from the types you ticked (defaulting to lowercase if none are selected). If "exclude ambiguous" is on, look-alike characters such as O, 0, I, l, 1 and | are stripped out. For each position in the password, it draws a random number from crypto.getRandomValues — the Web Crypto API's cryptographically secure source — and uses it (modulo the set size) to pick a character. Unlike Math.random, this source is unpredictable and suitable for security. The strength meter estimates entropy from the length and character-set size, then labels the password Weak, Fair, Strong, or Very strong.
Worked example
Suppose you set the length to 16 and enable uppercase, lowercase, numbers, and symbols. That is a character set of about 90 characters. The generator picks 16 of them at random, producing something like "k7$Rm2!qXz9@Bn4&". The strength meter computes 16 × log2(90) ≈ 104 bits of entropy and labels it "Very strong". Tick "Exclude ambiguous" and the next regeneration avoids confusable characters like O, 0, l and 1, giving a password that is easier to read aloud without sacrificing much strength.
Tips & common mistakes
- Aim for at least 16 characters — length adds far more strength than complexity does.
- Keep all four character types enabled for the highest entropy unless a site rejects certain symbols.
- Use "Exclude ambiguous characters" when you will type or read the password manually, so O/0 and l/1 are not confused.
- Generate a unique password for every account; reused passwords are the top cause of breaches.
- Store your passwords in a reputable password manager rather than a note or spreadsheet.
- Aim for the "Strong" or "Very strong" label — if the meter shows Weak or Fair, increase the length or enable more character types.
Related tools
How to Use This Generator
- 1Set the length with the slider (16 or more is recommended).
- 2Choose which character types to include and optionally exclude look-alikes.
- 3Click Copy to use it, or Regenerate for a fresh one.
Frequently Asked Questions
Are these passwords really secure and random?
Yes. Each character is chosen with the browser's Web Crypto API (crypto.getRandomValues), a cryptographically secure random source — not the predictable Math.random. The result is genuinely unpredictable and safe for protecting accounts.
Can I exclude look-alike characters?
Yes. Tick "Exclude ambiguous characters" to remove easily confused symbols like O, 0, I, l, 1 and |. This is handy when a password must be read aloud, written down, or typed manually.
Is the password stored or sent anywhere?
No. The password is generated entirely on your device and never leaves your browser. Nothing is uploaded, logged, or saved to any server, so only you ever see it.