Password Generator
Create strong, random passwords in one click. Choose the length and which character types to include — uppercase, lowercase, numbers, and symbols — and get a secure password with a live strength estimate. Every password is generated with your browser's cryptographic random generator and never leaves your device.
How to Use
Set the length with the slider and toggle the character types you want to include. A new password is generated instantly, with a strength bar and an estimate of its entropy in bits. Click Copy to put it on your clipboard, or generate a fresh one any time. For most accounts, 16+ characters with all four types is a strong choice.
Why This Tool Is Useful
Reused and guessable passwords are the leading cause of account breaches. A long, random password is the single best defense, but humans are bad at inventing randomness. This generator produces genuinely unpredictable passwords using the Web Crypto API, and because it runs entirely in your browser, the password is never transmitted or logged — making it safe to use even for sensitive accounts.
What Makes a Password Strong
Strength comes from two things: length and unpredictability. A longer password has exponentially more possible combinations, and including more character types (uppercase, lowercase, numbers, symbols) enlarges the pool of characters at each position. Together these determine the password's entropy — a measure, in bits, of how hard it is to guess.
As a rule of thumb, aim for at least 12 characters; 16 or more with mixed character types is strong enough to resist offline cracking for the foreseeable future.
How This Generator Works
It builds a character set from the types you select, then picks each character using crypto.getRandomValues — your browser's cryptographically secure random number generator. That's far more random than typical scripts that use Math.random, which is not safe for security.
Everything happens locally in your browser. No password is sent to a server, saved, or visible to anyone but you.
Length vs Complexity
If you have to choose, length beats complexity. A long password made of just letters can be stronger than a short one packed with symbols, because each extra character multiplies the possibilities. The best passwords are both long and varied.
The table below gives a rough sense of how length affects how long a password would take to crack in an offline attack.
Tips for Password Security
A strong password is only part of staying safe online:
- Use a unique password for every account — never reuse them.
- Store them in a reputable password manager instead of memorizing.
- Turn on two-factor authentication wherever it's offered.
- Longer is better — favor length over hard-to-type symbols.
- Never share a password over email or chat.
How Length Affects Crack Time (rough estimate)
| Length (mixed characters) | Approx. time to crack |
|---|---|
| 8 characters | Hours to days |
| 10 characters | Weeks to months |
| 12 characters | Hundreds of years |
| 14 characters | Tens of thousands of years |
| 16+ characters | Effectively uncrackable |