Secure Password Generator
Create strong, random passwords with custom length and character sets.
Generate strong passwords that you can actually use
A good password generator produces passwords that are both cryptographically random (so they cannot be guessed) and practically usable (so you will actually adopt them). This tool uses crypto.getRandomValues() — the browser’s secure random source — to produce passwords you can trust.
What makes a password strong?
Password strength is measured in bits of entropy — essentially, the logarithm of the number of passwords an attacker would have to try. A 12-character password using lowercase, uppercase, digits and symbols has around 78 bits of entropy, which is unbreakable by brute force today.
Length matters more than complexity. An all-lowercase 20-character password has similar strength to a 12-character mixed-case one, and is far easier to remember if you ever need to.
Custom rules
- Length — anywhere from 4 to 64 characters. Default is 20 (about 130 bits with all sets).
- Character sets — turn off any category a website prohibits.
- Exclude ambiguous characters — useful for passwords you will handle physically.
Where to store what you generate
Paste the output directly into a password manager (Bitwarden, 1Password, KeePassXC, iCloud Keychain, etc.). Reusing passwords is still the single biggest hole in personal security — a generator only helps if you pair it with a password manager.
Frequently asked questions
- How strong is "strong enough"?
- For most online accounts, a 14-character password drawing from lowercase, uppercase, digits and symbols gives roughly 90 bits of entropy — more than enough to resist any practical brute-force attack. For high-value accounts (email, banking, password manager master), go to 20+ characters.
- Should I include symbols?
- Yes, if the site accepts them. Symbols significantly increase the character-set size and therefore the entropy per character. If a site rejects symbols, increase the length to compensate.
- Why exclude ambiguous characters?
- Characters like 0, O, 1, l, I and the vertical bar can be hard to distinguish in some fonts. Excluding them makes a password you can read aloud or hand-type reliably, at a small cost to entropy.