—Done with Password Generator? Try these next
Hand-picked tools that pair well with Password Generator. Keep going without losing your file.
Hash Generator
Compute SHA-1, SHA-256, SHA-384 and SHA-512 hex digests of any text or file using the browser's Web Crypto API.
Try it nowPDF Password
Lock a PDF with an AES-128 password, or remove a password from a PDF you can already open. Free, no signup; your file is processed securely on our server and deleted automatically afterward.
Try it nowJWT Decoder
Decode JSON Web Tokens, view header and payload, check expiry. Local-only — your tokens never leave the browser.
Try it nowBase64 Encoder / Decoder
Encode any text or file to Base64 (with URL-safe variant), or decode Base64 back to text. UTF-8 safe.
Try it nowURL Encoder / Decoder
Percent-encode URL components or whole URLs, and decode them back. encodeURIComponent and encodeURI modes.
Try it nowQR Code Generator
Create QR codes from text, URLs, WiFi, UPI, phone numbers or email. Static QR codes that never expire — no signup, no subscription and no watermark.
Try it nowFrequently Asked Questions
Each character is drawn from window.crypto.getRandomValues — the browser's cryptographically secure random source, the same one used for TLS session keys. That is far stronger than Math.random and matches the entropy expected by password managers and security audits.
technicalFor most accounts a 16-character password with uppercase, lowercase, numbers and symbols comfortably exceeds 80 bits of entropy and resists offline cracking. Vault master passwords and root credentials benefit from 24+ characters; throwaway burner accounts can use fewer.
tipsStrength is estimated as length × log₂(character pool size), expressed in bits. Anything above ~80 bits is considered safe against offline brute force for the foreseeable future. Removing character classes shrinks the pool, so the bit count drops accordingly.
technicalIn theory yes, but the probability is astronomically small for any reasonable length. A 16-character mixed-class password has roughly 10^31 possible values — the chance of accidental collision is far smaller than the chance of a hardware failure.
privacyEnable "Exclude similar" (i, l, 1, L, o, 0, O) when the password will be transcribed by hand or read over the phone to avoid mix-ups. Enable "Exclude ambiguous" ({} [] () /\ '"`,;:.) when the password must paste cleanly into terminals or shell scripts.
featuresNo. Generation happens entirely on your device and recent passwords live in memory until you reload the tab. Nothing is sent over the network, nothing is logged and nothing is cached.
privacyYes. Turn on "Exclude similar" to drop the characters that get confused on screen or over the phone (i, l, 1, L, o, 0, O), and turn on "Exclude ambiguous" to drop brackets, slashes and quotes that are awkward to type. Then raise the length a few characters to keep the entropy where you want it.
tipsSwitch the mode toggle from 'Random characters' to 'Passphrase (words)' — the generator then builds a password from several random dictionary words (EFF Diceware wordlist) instead of scrambled characters, which is easier to remember and type but still cryptographically strong.
usageThe default of 6 words gives roughly 77 bits of entropy, the EFF-recommended minimum for a strong passphrase. Drag the Words slider higher (up to the maximum) for a master password protecting a password manager or crypto wallet, or lower for a passphrase you'll type frequently on a low-risk account.
tipsYes. The Separator dropdown lets you pick a hyphen, dot, underscore, space, or no separator at all. A hyphen or dot is usually easiest to type accurately on both desktop and mobile keyboards, while some login forms reject spaces in passwords.
featuresTurn on 'Capitalize each word' if a site requires an uppercase character, and 'Append a number' if it requires a digit — many login forms enforce these composition rules even for long passphrases. Both options add negligible extra memorization effort while satisfying stricter password policies.
tipsUse Passphrase mode with 7-8 words, a hyphen or dot separator for easy retyping, capitalize each word on, and append a number on — this comfortably clears 90+ bits of entropy while staying far easier to memorize and type accurately than an equivalent-strength random-character password.
tipsThe Length slider in Random characters mode runs from 8 up to 128 characters, matching the 'up to 128 characters' promise in the tool's title. For most logins 16-20 characters is plenty; push toward 128 only for systems that specifically call for an extremely long secret, like certain API tokens or hardware security modules.
technicalThe Words slider in Passphrase mode ranges from 3 words (shorter, lower entropy) to 12 words (extremely high entropy, well over 150 bits). The default of 6 words balances memorability with the EFF-recommended ~77-bit minimum for a strong passphrase.
technicalThe Regenerate button disables and the password field clears, with a hint reading 'Pick at least one character class to enable generation.' At least one of Uppercase, Lowercase, Numbers or Symbols must stay checked, since the generator needs a character pool to draw from.
usageHow Password Generator helps you get it done
Real problems it solves every day — for businesses, creators, and everyday tasks. Find the use case that fits you and start in seconds.
Master Passwords for Vaults & Password Managers
Generate strong, high-entropy master passwords for 1Password, Bitwarden, KeePass and LastPass that resist offline brute-force attacks for decades
Random Wi-Fi & Hotspot Passwords
Create memorable yet secure Wi-Fi passwords for home routers, office guest networks and pop-up event hotspots without falling back to "password123"
Secure Server, SSH & Database Credentials
Provision strong passwords for Linux user accounts, MySQL/Postgres roles and SSH key passphrases when bootstrapping new staging and production servers
New Email & Social Media Accounts
Generate unique passwords for every new Gmail, Outlook, Instagram and Twitter account so a breach of one service never cascades into the others
Bulk Customer & Employee Onboarding
Generate temporary one-time passwords for new employee accounts, customer portal logins and bulk SaaS provisioning workflows that force a reset on first use
Encryption Keys & Backup Passphrases
Create long, ambiguous-character-free passphrases to protect VeraCrypt volumes, encrypted backups, BitLocker drives and offline crypto wallet seeds
Passphrases You Can Actually Type on a TV Remote
Switch to Passphrase mode for smart TV, game console and streaming-box logins where an on-screen keyboard makes a random 20-character password painful — a hyphen-separated, capitalized word passphrase stays strong but is far faster to enter.
One-Off Handoff Credentials for Clients & Contractors
Generate a fresh, high-entropy password when handing a CMS, hosting or FTP account over to a client or contractor at project close — turn on Exclude ambiguous so the password pastes cleanly into any config file or terminal.
Lock Down Gaming Accounts Against Credential Stuffing
Give every Steam, Riot, Battle.net and Epic account its own 16+ character random password instead of reusing one across platforms — the character-class checkboxes let you match whatever composition rules each launcher enforces.
Passwords That Read Back Cleanly on Paper
For a password you'll write on a physical backup sheet or read aloud over the phone, turn on Exclude similar to drop the i/l/1/L/o/0/O characters that get misread or mistyped when transcribed by hand.
Rotating Passwords for Regulated Teams
Meet HIPAA, PCI or SOC 2 password-rotation requirements by generating a fresh 20+ character password with all four character classes enabled every cycle, keeping entropy well above audit minimums without reusing patterns.
Router & Smart-Home Device Admin Passwords
Generate a maximum-length random password with all four character classes on for a home router, NAS or smart-lock admin account you'll rarely type by hand but that needs to resist automated credential-stuffing attacks from the internet.
Pixoate