Password Generator — Strong Random Password Generator

🔑

Password Generator

Cryptographically secure · Browser-only

Click Generate to create a password

Password Strength -

Length 16

Character Types

Uppercase

A B C ... Z

Lowercase

a b c ... z

Numbers

0 1 2 ... 9

Symbols

! @ # $ % & *

No Ambiguous

Exclude 0 O l I

No Repeating

Each char once

Password Security Guide

Is this password generator safe to use?+

Yes. This generator uses the browser's built-in crypto.getRandomValues() API, which is cryptographically secure. No passwords are sent to any server, logged, or stored anywhere. The entire generation process happens locally in your browser — you can even disconnect from the internet and it will still work.

How long should a password be?+

For most accounts: 16 characters minimum. For sensitive accounts (banking, email, work): 20+ characters. Length matters more than complexity — a random 20-character lowercase password is stronger than a complex 8-character one. Our default of 16 characters with all character types gives entropy of around 105 bits, which would take billions of years to brute-force.

What makes a password strong?+

A strong password is long, random, and unique. Long means 16+ characters. Random means not based on words, names, or patterns. Unique means never reused across accounts. Adding uppercase, lowercase, numbers, and symbols maximizes the character pool, which exponentially increases the number of possible combinations attackers must try.

Should I use a password manager?+

Yes, absolutely. A password manager (Bitwarden, 1Password, Dashlane, KeePass) lets you use a unique, complex password for every account without memorizing them. The risk of one compromised site reaching all your accounts (credential stuffing) is far greater than the risk of a reputable password manager being breached. Use a strong master password and enable two-factor authentication on your manager.

What is password entropy?+

Entropy measures how unpredictable a password is, in bits. Formula: entropy = log2(pool size) × length. A 16-character password using all character types has a pool of ~95 characters: log2(95) × 16 = approximately 105 bits. Each additional bit doubles the difficulty to crack. Under 40 bits is weak, 60-80 is decent, 100+ is very strong.

What are ambiguous characters and when should I exclude them?+

Ambiguous characters look similar in some fonts: 0 (zero) and O (letter O), 1 (one), l (lowercase L), and I (uppercase i). Excluding them makes passwords easier to read and type manually without misreading. Enable "No Ambiguous" when you might need to type the password by hand — for example, on a TV, gaming console, or unfamiliar device without a clipboard.