Password Generator

Generate strong, cryptographically secure passwords with custom length and character sets. Includes strength meter and entropy calculation.

Length: 20

Uppercase (A-Z) Lowercase (a-z) Numbers (0-9) Symbols (!@#$…) Exclude ambiguous (0Ol1)

How many passwords:

🔑 Strong Password Generator

A strong password is the first line of defence against unauthorised account access. This generator creates cryptographically random passwords using your browser's built-in crypto.getRandomValues() API — no passwords are sent to any server or stored anywhere.

🎲 True Randomness

Uses the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) — the same source used by TLS and cryptographic libraries.

📏 Length Matters

Every extra character multiplies the keyspace. A 16-character random password with uppercase, lowercase, numbers, and symbols has over 10²⁹ possible values.

🔤 Character Sets

Including all four character types (uppercase, lowercase, digits, symbols) maximises entropy per character. Removing symbols slightly reduces entropy but improves compatibility with some services.

🗄️ Use a Manager

Store generated passwords in a password manager (Bitwarden, 1Password, KeePass) so you never need to remember them — only your master password matters.

🛡️ Password Security Best Practices

Use a unique password for every account — reuse is the biggest risk multiplier
Minimum 16 characters for sensitive accounts (email, banking, work)
Enable two-factor authentication wherever available
Never share passwords via email, SMS, or chat — use a password manager's secure share feature
Change passwords immediately after any data breach notification

❓ Frequently Asked Questions

Is it safe to generate passwords in a browser?

Yes, when generation uses crypto.getRandomValues() (as this tool does) and no data leaves your device. Avoid any tool that claims to generate passwords server-side.

What makes a password "strong"?

Length and randomness — not complexity tricks like substituting letters with numbers (p@ssw0rd). A 20-character random string is far stronger than any pattern-based password.