Secure Password Generator
Free, strong password generator — any length from 10 to 20+ characters, fully offline.
Generate strong passwords that you can actually use
A good password generator produces passwords that are both cryptographically random (so they cannot be guessed) and practically usable (so you will actually adopt them). This tool uses crypto.getRandomValues() — the browser’s secure random source — to produce passwords you can trust.
What makes a password strong?
Password strength is measured in bits of entropy — essentially, the logarithm of the number of passwords an attacker would have to try. A 12-character password using lowercase, uppercase, digits and symbols has around 78 bits of entropy, which is unbreakable by brute force today.
Length matters more than complexity. An all-lowercase 20-character password has similar strength to a 12-character mixed-case one, and is far easier to remember if you ever need to.
Custom rules
- Length — anywhere from 4 to 64 characters. Common picks: 10 (minimum for modern accounts), 12 (balance of usability and strength), 14 (recommended default for most accounts), 16 or 20 for high-value accounts. The default is 20 (~130 bits of entropy with all sets). Preset chips above the slider cover the common lengths in one tap.
- Character sets — turn off any category a website prohibits.
- Exclude ambiguous characters — useful for passwords you will handle physically.
Where to store what you generate
Paste the output directly into a password manager (Bitwarden, 1Password, KeePassXC, iCloud Keychain, etc.). Reusing passwords is still the single biggest hole in personal security — a generator only helps if you pair it with a password manager.
Frequently asked questions
- What password length should I pick?
- **10 characters** is the practical minimum for a modern account — still breakable by a determined attacker but adequate for low-value sites. **12** is a reasonable default, **14** is the sweet spot for most accounts (roughly 90 bits of entropy with mixed sets), and **16 or 20+** is right for email, banking, and your password-manager master password. If in doubt, go longer — adding characters is the cheapest way to make a password stronger.
- How strong is "strong enough"?
- For most online accounts, a 14-character password drawing from lowercase, uppercase, digits and symbols gives roughly 90 bits of entropy — more than enough to resist any practical brute-force attack. For high-value accounts (email, banking, password manager master), go to 20+ characters.
- Should I include symbols?
- Yes, if the site accepts them. Symbols significantly increase the character-set size and therefore the entropy per character. If a site rejects symbols, increase the length to compensate.
- Why exclude ambiguous characters?
- Characters like 0, O, 1, l, I and the vertical bar can be hard to distinguish in some fonts. Excluding them makes a password you can read aloud or hand-type reliably, at a small cost to entropy.
- Is this password generator really free?
- Yes — no signup, no ads inside the tool, no length cap behind a paywall. The generator runs entirely in your browser using `crypto.getRandomValues()`, so we never see your passwords and there's nothing for us to charge for.