The Password Generator creates cryptographically random, secure passwords with customizable length and character sets, using your browser’s built-in crypto.getRandomValues() API for true randomness that cannot be predicted.

Password Generator

Generate secure, random passwords with custom settings.


How to Use This Generator

  1. Drag the Length slider (6–128 characters). 16 characters is a strong default.
  2. Check or uncheck character types: uppercase, lowercase, numbers, and symbols.
  3. Optionally enter characters to exclude (e.g., 0, O, l, 1, I to prevent lookalike confusion).
  4. Click Generate Password or copy with the copy button.

What Makes a Password Strong?

Password strength is measured in “entropy”, a measure of the number of possible combinations an attacker must try. Entropy = log₂(charset_size^length). A 16-character password using all four character types (94 possible characters) has 99 bits of entropy, meaning 2^99 possible combinations. Even the fastest brute-force attacks (100 billion guesses/second) would take billions of years.

By contrast, an 8-character password from the same set has only 52 bits of entropy and could be cracked in under a day by a high-end GPU cluster.

Password Best Practices

  • Use a unique password for every account. If one site is breached, attackers try the same password everywhere else (credential stuffing).
  • Use a password manager (Bitwarden, 1Password, Dashlane): you only need to remember one master password.
  • Enable two-factor authentication (2FA) for all important accounts. Even a weak password is secure with good 2FA.
  • Never use personal information (names, birthdays, pets) in passwords.

Frequently Asked Questions

Is this generator secure?

Yes. It uses window.crypto.getRandomValues(), which is a cryptographically secure pseudorandom number generator (CSPRNG) available in all modern browsers. Unlike Math.random(), it is not predictable or reversible.

Does the generated password get sent anywhere?

No. All generation happens entirely in your browser with JavaScript. Nothing is ever transmitted to our servers or any third party.

How it works

Passwords are generated using window.crypto.getRandomValues() to fill a Uint32Array. Each value is modulo-mapped to the available character set. This is a cryptographically secure method, unlike Math.random(), which is deterministic and predictable.

Formula

For each character position i: char = charset[values[i] % charset.length], where values = crypto.getRandomValues(new Uint32Array(length))
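
The modulo mapping in the formula above is very slightly biased whenever the character set size does not divide 2^32: with 94 characters, the first 42 each have one more matching 32-bit value than the rest. The sketch below is an added example, not this site's own code; it removes the bias with rejection sampling, and the names `SETS`, `buildCharset`, `favouredIndices`, `rejectionLimit`, `randomIndex` and `generatePassword` are assumptions made for illustration.

```javascript
// Added example: unbiased mapping from CSPRNG output to a character set.
// In Node, fall back to the built-in webcrypto when no global `crypto` exists.
const webcrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// 26 + 26 + 10 + 32 = 94 printable ASCII characters (constructed sets).
const SETS = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~',
};

// Join the selected sets and drop excluded characters (e.g. lookalikes).
function buildCharset(types, exclude = '') {
  const all = types.map((t) => SETS[t]).join('');
  return [...all].filter((c) => !exclude.includes(c)).join('');
}

// With plain `value % n`, the first (2^bits mod n) indices get one extra preimage.
function favouredIndices(n, bits = 32) {
  return 2 ** bits % n;
}

// Largest multiple of n that fits in 2^32; draws at or above it are discarded.
function rejectionLimit(n) {
  return 2 ** 32 - favouredIndices(n, 32);
}

// Uniform index in [0, n): redraw until the value falls below the limit.
function randomIndex(n, fill = (a) => webcrypto.getRandomValues(a)) {
  const limit = rejectionLimit(n);
  const buf = new Uint32Array(1);
  do { fill(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// `fill` is optional; tests can inject a deterministic source in its place.
function generatePassword(length, charset, fill) {
  if (charset.length < 2) throw new RangeError('charset needs at least 2 characters');
  let out = '';
  for (let i = 0; i < length; i++) out += charset[randomIndex(charset.length, fill)];
  return out;
}
```

`favouredIndices(94, 8)` returns 68: if the same modulo mapping were fed from a Uint8Array, 68 of the 94 characters would be hit by three byte values and the rest by two, which is why the width of the random source matters when rejection sampling is skipped.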