Browser-only · Web Crypto API

Password Generator

Cryptographically strong passwords, memorable passphrases, and PINs. Generated locally with crypto.getRandomValues — nothing transmitted, nothing logged.

Your password
Very Weak0.0 bits · crack ≈ instant
Options
Length20
616324864
Recent (this session)

Generated passwords from this tab will appear here. History never leaves your browser memory.

Tip: a 16-character mixed password or 5-word passphrase is enough for most accounts. Use a password manager so you never have to remember more than one.

How to pick a good password

Length beats complexity

A 20-character lowercase password is stronger than an 8-character one stuffed with symbols. Aim for ≥ 60 bits of entropy for everyday accounts, ≥ 80 bits for anything financial or recovery.

Random > clever

Substituting 4 for a doesn't fool modern crackers. They know every trick. The only defense is genuine randomness from a CSPRNG — which is what this tool uses.

Never reuse

One leaked database becomes a key to every account sharing that password. Generate a fresh one for every site and store them in a password manager (1Password, Bitwarden, Apple Passwords).

Memorable passphrases work

For the few passwords you must type by hand (vault master, full-disk encryption), a 5–7 word passphrase is both strong and rememberable. The four-words-XKCD pattern is real.

T
ALL TOOLS · THE CATALOG
33 single-purpose utilities · runs local
Browse all →
IMAGE

Image Tools

MEDIA

Video & Audio

DEV

Developer Tools

DOCS

Documents & Utility

MIX

More Tools

MONEY

Finance

All tools process files entirely in your browser · Your data never leaves your device

Password Generator — Strong Random Passwords

Generate cryptographically random passwords or EFF-wordlist passphrases. Tune length, charset, and rules to match any service requirement. Runs entirely in your browser.

How to generate a strong random password

  1. Pick mode. Choose Random (e.g. xK!9pQzL$2vM) for max strength, or Passphrase (e.g. correct-horse-battery-staple) for memorability.
  2. Set length and charset. Random: 16–128 chars; pick uppercase, lowercase, digits, symbols, exclude ambiguous (0/O, l/1).
  3. Generate. Click Generate. New passwords appear instantly, sourced from window.crypto.getRandomValues (cryptographically secure).
  4. Copy and use. One-click copy. Paste into your password manager — never reuse passwords across sites.

Frequently Asked Questions

Are passwords stored or sent anywhere?
No. Generation runs in your browser using the Web Crypto API. Passwords are never logged, transmitted, or stored — even by the page itself.
Is it cryptographically secure?
Yes. We use window.crypto.getRandomValues, the same source browsers use for HTTPS keys.
Should I use random or passphrase?
For master passwords / sites without a manager, passphrase (4+ words) is easier to remember and equally strong. For service passwords stored in a manager, random is shorter.
How long should my password be?
At least 16 characters for random, or 4+ words for passphrase. Both yield 60+ bits of entropy (effectively unguessable).
What is EFF wordlist?
EFF Diceware: a curated list of 7,776 short, memorable English words designed for secure passphrases. Each word adds ~12.9 bits of entropy.
Can I exclude ambiguous characters?
Yes. Toggle "exclude ambiguous" to skip 0/O, l/1, I — useful for passwords you must type by hand.

Use Cases