Password Generator - Strong Random Password & Passphrase Online

Generate strong, secure random passwords and memorable passphrases. Customize length, characters, and complexity — 100% client-side, nothing stored.

Length

4128

Uppercase (A-Z)Lowercase (a-z)Numbers (0-9)Symbols (!@#$%...)

Exclude Ambiguous CharactersRemoves i, I, l, 1, L, |, o, O, 0Exclude BracketsRemoves < > ( ) [ ] { }

Password Strength

Strong103.4 bits

Character Pool: 88 charactersEstimated Crack Time: 2.1e+3 billion years

Generate Multiple

Count

Frequently Asked Questions

What is a password generator?

A password generator is a tool that creates random, unpredictable passwords using cryptographically secure random number generation. Unlike passwords humans create (which tend to follow patterns and be predictable), generated passwords use maximum randomness from the available character set, making them extremely resistant to brute-force attacks, dictionary attacks, and social engineering.

How do I use this password generator?

Choose your mode: Password (random characters) or Passphrase (random words). Adjust the length slider to set your desired password length (16+ characters recommended). Toggle character types on/off: uppercase, lowercase, numbers, symbols. The password generates automatically as you change settings. Check the strength meter to verify your password meets your security needs. Click the Copy button to copy the password to your clipboard.

Is my password data safe? Does it get sent to a server?

Your passwords are 100% safe and never leave your browser. This tool uses the Web Crypto API (crypto.getRandomValues()) to generate passwords entirely on your device. No password data is ever transmitted to any server, stored in any database, or logged anywhere. You can verify this by disconnecting from the internet — the tool works fully offline.

What is password entropy and why does it matter?

Entropy measures the randomness and unpredictability of a password, expressed in bits. Higher entropy means the password is harder to crack through brute-force attacks. It is calculated as E = L × log₂(C), where L is the password length and C is the character pool size. For example, a 16-character password using all 90 character types has about 103.8 bits of entropy. Security experts recommend at least 60 bits for standard accounts and 120+ bits for high-security applications.

What is the difference between a password and a passphrase?

A password is a random string of characters (e.g., K9$mPq2#vL7n), while a passphrase is a sequence of random words (e.g., correct-horse-battery-staple). Passphrases are generally easier to remember while still providing high entropy. A 5-word passphrase from a 1,296-word list provides about 51.7 bits of entropy, comparable to an 8-character random password using all character types.

How long should my password be?

NIST recommends passwords of at least 8 characters, but security experts generally recommend 12-16 characters minimum for standard accounts and 20+ characters for sensitive accounts (banking, email, password managers). Longer passwords exponentially increase the time required to crack them through brute-force. This tool defaults to 16 characters, which provides about 103.8 bits of entropy with all character types enabled.

Why should I use crypto.getRandomValues() instead of Math.random()?

Math.random() is a pseudo-random number generator (PRNG) that uses a deterministic algorithm. Its output can potentially be predicted if the seed is known. crypto.getRandomValues() is a cryptographically secure PRNG (CSPRNG) backed by the operating system's entropy source, making it suitable for security-sensitive applications like password generation. This tool exclusively uses crypto.getRandomValues() to ensure maximum security.

Code Examples

// Secure password generator using Web Crypto API
function generatePassword(length = 16, options = {}) {
  const { uppercase = true, lowercase = true, numbers = true, symbols = true } = options;

  let charset = '';
  if (uppercase) charset += 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  if (lowercase) charset += 'abcdefghijklmnopqrstuvwxyz';
  if (numbers) charset += '0123456789';
  if (symbols) charset += '!@#$%^&*()_+-=[]{}|;:,.<>?';

  const array = new Uint32Array(length);
  crypto.getRandomValues(array);

  let password = '';
  for (let i = 0; i < length; i++) {
    password += charset[array[i] % charset.length];
  }
  return password;
}

const pwd = generatePassword(20);
console.log(pwd);
console.log('Entropy:', (20 * Math.log2(90)).toFixed(1), 'bits');