Password Generator
Generate strong random passwords with customisable rules.
Set the length and character classes (lowercase, uppercase, digits, symbols), optionally exclude lookalike characters, and generate one or many passwords at a time. Drawn from the browser's cryptographic RNG, the same source banks use for session tokens.
Common use cases: rotating a leaked password, seeding a new vault entry, creating an API token or service-account credential, generating short codes for one-off access, and producing passwords for non-human accounts that humans never need to type.
Generated Password
Strength: Strong
Frequently asked questions
How long should my password be?
For human-typed passwords, 16+ characters with a mix of classes is plenty. For machine-stored secrets (API tokens, service accounts), go to 32+, there's no usability cost and it pushes brute-force out of reach for the foreseeable future.
Are these passwords actually random?
Yes, characters are drawn from
crypto.getRandomValues, the browser's cryptographically secure RNG. No Math.random, no time-seeded fallbacks.Is it safe to generate passwords in a webpage?
It's as safe as the device running the browser. The generated password never leaves the page, nothing is transmitted, logged or stored. Close the tab and the password is gone unless you saved it to your manager.
Should I exclude similar-looking characters?
Only if you expect to type or read the password aloud, excluding
0/O and 1/l/I reduces transcription errors. For passwords pasted into a manager, leave them in to maximise entropy.Why not use a passphrase instead?
Passphrases (e.g. four random words) are excellent for things you must memorise, a master password, a disk encryption key. For everything else, a long random string in a password manager is shorter to store and at least as strong.