Password GeneratorPrivate, Instant, In Your Browser
Choose a length from 8 to 64 characters, toggle uppercase, lowercase, digits and symbols, and generate. The randomness comes from your browser's crypto.getRandomValues — the same cryptographic source password managers use — not from a guessable pseudo-random function. And this matters more here than anywhere: a password generated on someone's server has already been seen by that server. Ours is born on your device, shown to you alone, and forgotten when you leave.
Strong — about 103 bits of entropy
Generated by crypto.getRandomValues on your device — we never see a single character.
Frequently Asked Questions
How random are these passwords really?
We draw bytes from crypto.getRandomValues, the browser's cryptographically secure generator, and use rejection sampling so every character in the pool is exactly equally likely. That's the same quality of randomness dedicated password managers use.
How long should my password be?
For anything protected by a modern service, 16 characters with all four character sets is far beyond brute-force reach (over 100 bits of entropy). Go longer for master passwords; the slider reaches 64.
Could anyone else see a password generated here?
No. Generation happens in your tab's memory with no network request — we never see it, it isn't stored, and it disappears when you close the page. Copy it into a password manager rather than a text file.
What does the strength hint mean?
It shows the password's entropy — length × log₂(pool size) — in bits. Roughly: under 50 bits is weak, 50–80 is fine for most accounts, and 80+ is strong enough that brute force stops being a realistic threat.