Files are auto-deleted after processingProcessed securely over HTTPS

Frequently Asked Questions

Each character is drawn from window.crypto.getRandomValues — the browser's cryptographically secure random source, the same one used for TLS session keys. That is far stronger than Math.random and matches the entropy expected by password managers and security audits.

technical

For most accounts a 16-character password with uppercase, lowercase, numbers and symbols comfortably exceeds 80 bits of entropy and resists offline cracking. Vault master passwords and root credentials benefit from 24+ characters; throwaway burner accounts can use fewer.

tips

Strength is estimated as length × log₂(character pool size), expressed in bits. Anything above ~80 bits is considered safe against offline brute force for the foreseeable future. Removing character classes shrinks the pool, so the bit count drops accordingly.

technical

In theory yes, but the probability is astronomically small for any reasonable length. A 16-character mixed-class password has roughly 10^31 possible values — the chance of accidental collision is far smaller than the chance of a hardware failure.

privacy

Enable "Exclude similar" (i, l, 1, L, o, 0, O) when the password will be transcribed by hand or read over the phone to avoid mix-ups. Enable "Exclude ambiguous" ({} [] () /\ '"`,;:.) when the password must paste cleanly into terminals or shell scripts.

features

No. Generation happens entirely on your device and recent passwords live in memory until you reload the tab. Nothing is sent over the network, nothing is logged and nothing is cached.

privacy

Yes. Turn on "Exclude similar" to drop the characters that get confused on screen or over the phone (i, l, 1, L, o, 0, O), and turn on "Exclude ambiguous" to drop brackets, slashes and quotes that are awkward to type. Then raise the length a few characters to keep the entropy where you want it.

tips

Switch the mode toggle from 'Random characters' to 'Passphrase (words)' — the generator then builds a password from several random dictionary words (EFF Diceware wordlist) instead of scrambled characters, which is easier to remember and type but still cryptographically strong.

usage

The default of 6 words gives roughly 77 bits of entropy, the EFF-recommended minimum for a strong passphrase. Drag the Words slider higher (up to the maximum) for a master password protecting a password manager or crypto wallet, or lower for a passphrase you'll type frequently on a low-risk account.

tips

Yes. The Separator dropdown lets you pick a hyphen, dot, underscore, space, or no separator at all. A hyphen or dot is usually easiest to type accurately on both desktop and mobile keyboards, while some login forms reject spaces in passwords.

features

Turn on 'Capitalize each word' if a site requires an uppercase character, and 'Append a number' if it requires a digit — many login forms enforce these composition rules even for long passphrases. Both options add negligible extra memorization effort while satisfying stricter password policies.

tips

Use Passphrase mode with 7-8 words, a hyphen or dot separator for easy retyping, capitalize each word on, and append a number on — this comfortably clears 90+ bits of entropy while staying far easier to memorize and type accurately than an equivalent-strength random-character password.

tips

The Length slider in Random characters mode runs from 8 up to 128 characters, matching the 'up to 128 characters' promise in the tool's title. For most logins 16-20 characters is plenty; push toward 128 only for systems that specifically call for an extremely long secret, like certain API tokens or hardware security modules.

technical

The Words slider in Passphrase mode ranges from 3 words (shorter, lower entropy) to 12 words (extremely high entropy, well over 150 bits). The default of 6 words balances memorability with the EFF-recommended ~77-bit minimum for a strong passphrase.

technical

The Regenerate button disables and the password field clears, with a hint reading 'Pick at least one character class to enable generation.' At least one of Uppercase, Lowercase, Numbers or Symbols must stay checked, since the generator needs a character pool to draw from.

usage

How Password Generator helps you get it done

Real problems it solves every day — for businesses, creators, and everyday tasks. Find the use case that fits you and start in seconds.

For Developers

Master Passwords for Vaults & Password Managers

Generate strong, high-entropy master passwords for 1Password, Bitwarden, KeePass and LastPass that resist offline brute-force attacks for decades

Personal Use

Random Wi-Fi & Hotspot Passwords

Create memorable yet secure Wi-Fi passwords for home routers, office guest networks and pop-up event hotspots without falling back to "password123"

For Developers

Secure Server, SSH & Database Credentials

Provision strong passwords for Linux user accounts, MySQL/Postgres roles and SSH key passphrases when bootstrapping new staging and production servers

Personal Use

New Email & Social Media Accounts

Generate unique passwords for every new Gmail, Outlook, Instagram and Twitter account so a breach of one service never cascades into the others

For Business

Bulk Customer & Employee Onboarding

Generate temporary one-time passwords for new employee accounts, customer portal logins and bulk SaaS provisioning workflows that force a reset on first use

For Developers

Encryption Keys & Backup Passphrases

Create long, ambiguous-character-free passphrases to protect VeraCrypt volumes, encrypted backups, BitLocker drives and offline crypto wallet seeds

Personal Use

Passphrases You Can Actually Type on a TV Remote

Switch to Passphrase mode for smart TV, game console and streaming-box logins where an on-screen keyboard makes a random 20-character password painful — a hyphen-separated, capitalized word passphrase stays strong but is far faster to enter.

For Business

One-Off Handoff Credentials for Clients & Contractors

Generate a fresh, high-entropy password when handing a CMS, hosting or FTP account over to a client or contractor at project close — turn on Exclude ambiguous so the password pastes cleanly into any config file or terminal.

Personal Use

Lock Down Gaming Accounts Against Credential Stuffing

Give every Steam, Riot, Battle.net and Epic account its own 16+ character random password instead of reusing one across platforms — the character-class checkboxes let you match whatever composition rules each launcher enforces.

Personal Use

Passwords That Read Back Cleanly on Paper

For a password you'll write on a physical backup sheet or read aloud over the phone, turn on Exclude similar to drop the i/l/1/L/o/0/O characters that get misread or mistyped when transcribed by hand.

For Business

Rotating Passwords for Regulated Teams

Meet HIPAA, PCI or SOC 2 password-rotation requirements by generating a fresh 20+ character password with all four character classes enabled every cycle, keeping entropy well above audit minimums without reusing patterns.

For Developers

Router & Smart-Home Device Admin Passwords

Generate a maximum-length random password with all four character classes on for a home router, NAS or smart-lock admin account you'll rarely type by hand but that needs to resist automated credential-stuffing attacks from the internet.