Password Generator

Generate cryptographically secure passwords with customizable length, character sets, and entropy indicators. Runs entirely in your browser using the Web Crypto API.

100% client-side. Your data never leaves your browser.

Entropy: 103 bitsVery Strong

Converters & Examples

Strong Password Generator: Secure Random Passwords

Generate cryptographically secure random passwords. Customize length, character sets, and quantity. Uses Web Crypto API.

Related Tools

uuid
UUID Generator

Generate UUID v4 (random) and v7 (time sorted) identifiers online. Bulk generation up to 1000 at once using the Web Crypto API.

 sha
Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files. Uses the browser's Web Crypto API for SHA hashes with a pure JS fallback for MD5.

Generate Secure Passwords

A strong password combines length and character diversity to maximize entropy, the measure of how many guesses an attacker would need. This generator uses the Web Crypto API to produce passwords from a cryptographically secure random source directly in your browser. No passwords are transmitted or stored.

How to Use

  1. Set the password length using the slider or number input (4 to 128 characters)
  2. Toggle character types: uppercase, lowercase, numbers, and symbols
  3. Optionally exclude ambiguous characters (I, l, 1, O, 0) for readability
  4. Click Generate or press Cmd+Enter
  5. Copy individual passwords or use Copy All for batch generation

Understanding Password Strength

Entropy and Character Pools

Entropy is calculated as length x log2(pool_size). A 16-character password using all four character types (26 upper + 26 lower + 10 digits + 26 symbols = 88 characters) gives 16 x log2(88) = 103 bits. The same length with only lowercase letters drops to 16 x log2(26) = 75 bits. Length has a linear effect on entropy, while expanding the character pool has a logarithmic effect, meaning adding length is more impactful than adding character types.

Strength Thresholds

Under 40 bits of entropy is considered weak and can be cracked in seconds on modern hardware. 40 to 60 bits is fair but not recommended for sensitive accounts. 60 to 80 bits is strong enough for most use cases. Above 80 bits is very strong and suitable for master passwords, API keys, and encryption passphrases.

Practical Security

A password generator solves the human tendency toward predictable patterns. People reuse passwords, substitute letters with obvious numbers (@ for a, 3 for e), and pick dictionary words. These patterns are the first things attackers try. A random 16-character password with the full character set is orders of magnitude harder to crack than a 20-character “clever” password built from dictionary words and substitutions.

When to Use Which Settings

For password manager entries, use the defaults (16 characters, all types enabled). For WiFi passwords or credentials you might need to type manually, enable “exclude ambiguous” to avoid confusion between characters that look alike. For systems with specific requirements (no symbols, max length), adjust the toggles accordingly.

If you need a unique identifier rather than a secret, a UUID is a better fit. To verify the integrity of a password or derive a key from one, generate a SHA-256 hash.