Generate strong, random passwords using cryptographically secure randomness. Customize the length, choose which character types to include, and check the strength of your password.
crypto.getRandomValues() for true randomness.Humans are bad at creating random passwords. We tend to use predictable patterns — dictionary words, birth dates, keyboard sequences like "qwerty123". Attackers know these patterns and use them in dictionary attacks and brute force tools.
A password generator uses cryptographic randomness to create passwords that have no pattern, making them resistant to all known attack methods. The only feasible way to crack a truly random password is exhaustive brute force, which becomes impractical as length increases.
Password strength is measured in bits of entropy. Entropy represents the number of possible combinations an attacker would need to try. The formula is:
| Character Set | Pool Size | Entropy per Char |
|---|---|---|
| Lowercase only | 26 | 4.7 bits |
| Lower + Upper | 52 | 5.7 bits |
| Lower + Upper + Digits | 62 | 5.95 bits |
| All (incl. symbols) | ~95 | 6.57 bits |
A 16-character password using all character types has about 105 bits of entropy, which would take billions of years to crack by brute force with current hardware.
Yes. It uses crypto.getRandomValues(), a Web Crypto API that provides cryptographically strong random values. The password is generated entirely in your browser and is never sent to any server.
At least 12 characters, ideally 16 or more. Length is the single biggest factor in password strength. A 20-character lowercase password is stronger than an 8-character password with all character types.
Symbols increase the character pool and add entropy per character. However, some systems restrict which symbols are allowed. If you run into issues, try generating with just letters and digits at a longer length.