
Strong Password Generator — Generate Secure Passwords Online

Generate cryptographically secure random passwords. Configurable length, character sets, and entropy display. Free, runs in your browser — passwords never transmitted.

Settings guide

Length:

  • 12 characters — Minimum for most security policies in 2026. Adequate for non-critical accounts when a password manager stores it.
  • 16 characters — Recommended default. Resistant to brute force with current and near-future hardware.
  • 20+ characters — High-security environments: root credentials, encryption keys, privileged service accounts.

Character sets:

  • Uppercase (A–Z) — 26 characters
  • Lowercase (a–z) — 26 characters
  • Digits (0–9) — 10 characters
  • Symbols (!@#$%^&*...) — ~32 characters
  • All four sets enabled: 94-character alphabet. Each character adds log₂(94) ≈ 6.5 bits of entropy.

Entropy display: Entropy in bits is shown for the current settings. 128-bit entropy is the security target for most applications. 256-bit is used for encryption keys.

Format comparison

Random passwords vs passphrases: A 4-word passphrase (from a 7,776-word Diceware list) has 4 × log₂(7776) ≈ 51.7 bits of entropy — far less than a 16-character random password (~105 bits). Passphrases are more memorable; random passwords are more secure at equivalent character count. If a password manager stores it, maximum entropy wins — use a random password.

Browser generator vs password manager generator: Both use cryptographic randomness and produce equivalent security. The browser generator is useful when you do not have your password manager handy or need a password to create the master account for a new password manager.

How it works

1. Generate random bytes

The required number of random bytes is requested from window.crypto.getRandomValues() — a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) backed by the operating system's entropy pool.

2. Map bytes to characters

Each random byte is mapped to a character from the selected alphabet using rejection sampling — bytes that would create a biased distribution are discarded and a new random byte is used. This ensures uniform distribution across all characters.

3. Calculate entropy

Entropy in bits is calculated as length × log₂(alphabet size). Entropy indicates how hard the password is to brute-force: each bit of entropy doubles the search space.

4. Display and copy

The password is shown in a masked field (reveal toggle available). A one-click copy button copies to clipboard without selecting text. The password is never sent anywhere — it exists only in your browser tab.
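
The generation and entropy steps above, written out in JavaScript as an added example (not this site's own source code). The function names, the injectable `fill` parameter, and the choice of printable ASCII 0x21–0x7E as the 94-character alphabet are assumptions made for illustration.

```javascript
// Added example: not the site's own source code.
// Assumption: the full alphabet is printable ASCII 0x21-0x7E (94 characters).
const ALPHABET_94 = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i)).join("");

// Web Crypto in browsers and recent Node; otherwise node:crypto's webcrypto.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Default byte source: fills a Uint8Array from the CSPRNG.
const csprngFill = (buf) => webCrypto.getRandomValues(buf);

// Largest multiple of n that fits in one byte; bytes >= this value are rejected.
function rejectionLimit(n) {
  if (!Number.isInteger(n) || n < 2 || n > 256) {
    throw new RangeError("alphabet size must be 2..256");
  }
  return 256 - (256 % n);
}

function generatePassword(length, alphabet = ALPHABET_94, fill = csprngFill) {
  if (!Number.isInteger(length) || length < 1) throw new RangeError("length must be >= 1");
  const chars = [...new Set(alphabet)];           // duplicate characters would skew the odds
  const limit = rejectionLimit(chars.length);
  const out = [];
  const buf = new Uint8Array(Math.max(16, length * 2)); // over-request to cover rejections
  while (out.length < length) {
    fill(buf);
    for (const b of buf) {
      if (b >= limit) continue;                   // would favour the low residues: discard
      out.push(chars[b % chars.length]);
      if (out.length === length) break;
    }
  }
  buf.fill(0);                                    // best-effort wipe of the raw bytes
  return out.join("");
}

// Entropy as the page defines it: length x log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```

Without the `b >= limit` check, a plain `b % 94` would make the first 68 characters of the alphabet more likely than the rest, because 256 = 2 × 94 + 68.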

About this format

A strong password is unpredictable. The most important factor is length — each additional character multiplies the number of possible passwords exponentially. A 20-character random password from a 94-character set has 94²⁰ ≈ 5.6 × 10³⁹ possibilities, making brute force infeasible.

This generator uses your browser's Web Crypto API (`crypto.getRandomValues()`) — the same cryptographic randomness source used for TLS keys. Passwords are generated and displayed locally; they are never transmitted, logged, or stored anywhere outside your browser tab.

Frequently asked questions

How secure is a password generated here?
Passwords are generated using window.crypto.getRandomValues() — a cryptographically secure random number generator. A 16-character password with all character sets has approximately 105 bits of entropy. At 10 billion guesses per second (high-end GPU attack), cracking it would take longer than the age of the universe.

Are generated passwords stored or transmitted?
No. The entire generation process runs in your browser using JavaScript. The password is never sent to any server, never logged, and never stored. Close the tab and the password is gone. Use a password manager to store it.

What is password entropy and why does it matter?
Entropy measures unpredictability in bits. Each bit of entropy doubles the search space for a brute-force attack. A password with 80-bit entropy requires 2^80 ≈ 10^24 guesses on average to crack. Security standards generally require 128-bit entropy for passwords protecting sensitive data.

Should I use symbols in my password?
Symbols increase the alphabet size from 62 (letters + digits) to 94 characters, adding about 0.7 bits of entropy per character. More impactful: increase length instead. A 20-character password with only letters and digits is far stronger than a 10-character password with symbols.

What is the difference between this and a passphrase generator?
This generates random character strings (e.g., 'xK9#mP2qL7!r'). A passphrase generator creates sequences of random words (e.g., 'correct-horse-battery-staple'). Character passwords offer more entropy per character; passphrases are easier to type and remember. Both are secure when stored in a password manager.
