Password Generator
Generate cryptographically random passwords. Pick length, character classes (upper, lower, digits, symbols), and exclude lookalikes.
Add this tool to your own site with one line of HTML. Free forever — just keep the small credit link.
How to use Password Generator
- Drag the length slider to set how many characters you want. 16 is a strong minimum; 20 or more is better for stored passwords.
- Toggle the character classes — uppercase, lowercase, digits, and symbols — to match what the site allows.
- Optionally enable "exclude lookalikes" to drop 0/O and 1/l/I so the password is easy to read aloud or transcribe.
- Click the refresh button to generate a fresh password from a cryptographically secure random source.
- Check the entropy estimate, copy the password, and store it in a password manager — do not try to memorize it.
How to generate a password that is actually strong
The most reliable password is one no human chose. People reach for names, dates, and keyboard patterns that attackers model first; a computer drawing characters at random has no such bias. This generator does exactly that, using your browser's cryptographic random source, so the only thing standing between an attacker and your account is raw, unguessable entropy.
Where the randomness comes from
One detail decides whether the output is genuinely unguessable: the source of randomness. This generator samples each character with crypto.getRandomValues(), the operating system's cryptographic entropy surfaced to the browser. Picks are independent and uniform across the pool you enable, so no character leaks information about its neighbours.
Why length is the lever that matters
A short password bristling with symbols feels "complex," but feel is not entropy. The strength of a random password is length × log2(pool size) bits, and stretching the length scales that figure linearly while widening the alphabet barely nudges it. Compare:
Pool of all 4 classes (~86 chars): log2(86) ≈ 6.4 bits/char
12 characters: 12 × 6.4 ≈ 77 bits
16 characters: 16 × 6.4 ≈ 103 bits
20 characters: 20 × 6.4 ≈ 128 bitsEvery character you add roughly doubles an attacker's work. That is why a long password from a smaller alphabet often beats a short one from a large alphabet — and why the length slider is the most important control here.
Choosing character classes
Enable as many classes as the target site accepts — uppercase, lowercase, digits, and symbols — because each one widens the per-character pool. Some legacy systems reject certain symbols; if a password is mysteriously refused, turn symbols off and add two characters of length instead. The "exclude lookalikes" option removes 0/O and 1/l/I for passwords you will read or type by hand, at a small cost to per-character entropy.
Hand it straight to a password manager
A 20-character random string is built to be forgotten, not memorized. Copy it into a password manager and let autofill carry it from there. The only credentials worth committing to memory are the two that gate everything else — your device unlock and the manager's master passphrase — and those belong in the passphrase generator, not here.
Related security tools
- Passphrase Generator — the readable alternative for the one or two passwords you genuinely have to type by hand.
- Password Strength Checker — drop a generated string in to watch its entropy and estimated crack time.
- .htpasswd Generator — turn one of these passwords into an Apache Basic-Auth credential line.
Frequently asked questions
How random are these passwords?
How long should my password be?
Does length or character variety matter more?
Why would I exclude lookalike characters?
Is the password sent anywhere?
What do the entropy bits mean?
Should I reuse a strong password across sites?
How do I remember a 20-character random password?
Related tools
More tools you might find useful in the same flow.
API Token Generator
Random token generator — create secure API keys, session IDs, and secrets in hex or Base64URL using crypto-grade randomness. Free, made in your browser.
PIN Generator
PIN generator — create random 4, 6, or 8 digit PIN numbers (or any length) with real cryptographic randomness, one at a time or in bulk. Free and instant.
Passphrase Generator
Diceware passphrase generator — create memorable, strong passphrases from a word list with adjustable length and separators. Generated locally, in private.
Password Strength
Password strength meter — estimate how long a password would take to crack and get tips to harden it. Checks run locally; nothing is ever sent anywhere.
Built by Muhammad Tahir · About