Password Generator
Generate strong, random passwords
About this tool
The Password Generator creates cryptographically secure random passwords using the browser's built-in crypto.getRandomValues() API โ the same source of entropy used by operating systems and security software. Unlike Math.random(), this is suitable for security-critical use cases.
When to use it
- โGenerating strong unique passwords for new accounts
- โCreating API keys and secrets during development setup
- โProducing bulk temporary passwords for user onboarding scripts
- โTesting password strength requirements in your own app's validation logic
Tips
- โ16+ characters with all character types is sufficient for most accounts.
- โFor master passwords (password managers, disk encryption), use 24+ characters.
- โA random 16-character password with full character set has ~95 bits of entropy โ essentially uncrackable by brute force.
Frequently asked questions
How random are these passwords?
They use crypto.getRandomValues(), the browser's cryptographically secure pseudorandom number generator (CSPRNG). This is the same entropy source used by TLS, SSH key generation, and operating system security functions โ suitable for any security purpose.
What makes a password 'strong'?
Strength comes from entropy โ the number of possible combinations. Length has more impact than character set complexity. A 20-character lowercase password has more entropy than a 12-character password with symbols. Uniqueness matters too โ reusing passwords across sites makes any one breach expose all your accounts.
Are generated passwords stored anywhere?
No. Passwords are generated locally in your browser and never transmitted anywhere. The page has no backend, no analytics, and no network requests during password generation. Closing the tab permanently discards the passwords.
Should I use a passphrase instead of a random password?
Passphrases (4-5 random words like 'correct-horse-battery-staple') are easier to remember and can have comparable entropy to shorter random passwords. For accounts you type frequently without a password manager, a passphrase may be more practical.