Submit a tool

Password Generator

Create strong, random passwords with your own rules. Choose the length and character types — everything is generated securely in your browser and never leaves your device.

Options

Stay secure

  • Use a unique password for every account.
  • Aim for 16+ characters on anything important.
  • Mix uppercase, numbers and symbols.
  • Store them in a trusted password manager.
  • Never share or reuse passwords across sites.

What makes a password strong?

A strong password is long, unpredictable and unique. The two biggest factors are length and variety: each extra character and each additional character type (lowercase, uppercase, numbers, symbols) multiplies the number of possible combinations an attacker would have to try. A random 16-character password mixing all four types is effectively impossible to brute-force with today's hardware.

How to use this password generator

  1. Set the length. Drag the slider — longer is stronger. 16 to 24 characters is a great default for most accounts.
  2. Choose character types. Keep lowercase, uppercase, numbers and symbols enabled for maximum strength. Disable any that a particular site doesn't allow.
  3. Copy and save. Click Copy password and paste it straight into your password manager or the sign-up form. Hit the refresh button any time for a fresh one.

Why generate passwords in your browser?

  • Privacy. The password is created on your device with the Web Crypto API and is never transmitted or stored on a server.
  • True randomness. Cryptographically secure randomness means the output can't be predicted, unlike passwords people invent themselves.
  • Speed. No accounts, no waiting — a new strong password is one click away.

Frequently asked questions

Are these passwords really random and secure?

Yes. Passwords are generated with the browser's Web Crypto API (crypto.getRandomValues), which provides cryptographically secure randomness — far stronger than Math.random().

Is my password sent anywhere?

Never. Everything runs locally in your browser. No password is uploaded, logged or stored, so it can't be intercepted.

How long should my password be?

Use at least 16 characters for important accounts. Longer passwords are exponentially harder to crack — combine length with a mix of character types for the best protection.

What does 'exclude ambiguous characters' do?

It removes look-alike characters such as 0/O and 1/l/I, so the password is easier to read and type by hand without affecting overall security much.

Should I use a unique password for every account?

Absolutely. Reusing passwords means one breach can compromise many accounts. Generate a unique password per site and store them in a password manager.