Generate a strong password right in your browser — pick the length, choose character types, copy. Uses the browser's secure random source, so your passwords never touch a server.
Character Types
The Password Generator creates strong, random passwords using your browser's crypto.getRandomValues() API — the same cryptographically secure random source used by reputable password managers. Pick a length, choose which character types to include, and click Generate.
Everything happens locally. Open your browser's network tab while clicking Generate and you'll see no requests going out. The password exists only on your device until you copy it.
A 16-character password using mixed case, numbers, and symbols draws from a pool of 95 possible characters per position — that's 9516 possible combinations, a number large enough that brute-forcing it is computationally infeasible. Longer is still better; this tool goes up to 128 characters for use as a master password, an encryption passphrase, or anything else that needs to outlast the next two decades of compute progress.
8–11 characters — Don't. Even with symbols, modern GPUs crack these in hours. Acceptable only for throwaway accounts on sites that cap length there.
12–15 characters — The current floor for everyday accounts (newsletters, forums, shopping sites). Use 12 only if the site refuses longer.
16–20 characters — The recommended default for anything that matters: email, banking, social media, work accounts. The Generate button defaults to 16 for a reason.
20+ characters — For your password manager's master password, full-disk encryption passphrases, and anything protecting other passwords. This is the one password you have to memorise; make it overkill.
Pick a length
16 is the sensible default; bump to 20+ for master passwords.
Choose character types
Uppercase, lowercase, numbers, symbols — leave all four on unless a specific site bans some.
Click Generate
A new password appears instantly. Click again for a different one.
Copy and store in a password manager
Don't try to remember it. Save it directly to Bitwarden, 1Password, or your manager of choice.
If every account needs a unique 16-character random password, memorising them all is impossible — that's the entire point. A password manager is an encrypted vault that stores your passwords, autofills them at login, and generates new ones when you sign up. You memorise one strong master password; the manager handles the rest.
Free and trustworthy options: Bitwarden (open source, free tier covers most users), KeePassXC (offline, local-only, fully free), and iCloud Keychain or Google Password Manager if you're locked into one ecosystem. Paid options worth their fees: 1Password and Dashlane.
Reusing one password across sites is the highest-risk behaviour in personal security. When one site leaks (and they do — billions of credentials are dumped every year), attackers immediately try the leaked email/password pair on Gmail, your bank, and every major service. This is called credential stuffing, and unique passwords are the only defence.
| Example | Strength | Time to Crack |
|---|---|---|
| 123456 | Trivial | Instantly |
| password123 | Very weak | Under a minute |
| MyDog$Rover2020 | Moderate | Hours to days |
| Tr7&kP!mZ2#vQx9L | Strong | Centuries |
| 32-char random | Maximum | Practically uncrackable |
Cryptographically Random
Uses crypto.getRandomValues(), not Math.random().
8–128 Characters
Slider from short to fully overkill.
4 Character Sets
Toggle uppercase, lowercase, numbers, symbols.
Live Strength Meter
Entropy-based, not a marketing label.
Browser-Only
Nothing is sent anywhere. Inspect the network tab.
Free Forever
No signup, no limits, no watermark.
crypto.getRandomValues() — the same cryptographically secure random source used by password managers. Passwords are never sent to a server.crypto.getRandomValues), not the predictable Math.random() function. This is the standard required for security-critical use like password generation and key creation.