Password Generator
Create secure, random passwords instantly using your browser's built-in cryptographic randomness.
Example
A 16-character password using uppercase, lowercase, and digits draws from a pool of 62 characters. Its entropy is 16 × log2(62) ≈ 95 bits, rated "Very strong" — for example k9TfQ2mLpZ7xRb4W.
How it works
Characters are drawn uniformly from your selected sets using crypto.getRandomValues with rejection sampling to avoid modulo bias, guaranteeing at least one character from each chosen set. Strength is estimated as entropy in bits = length × log2(pool size).
Good to know
This Password Generator builds a fresh, unpredictable password every time you click Generate, then shows you exactly how strong it is. You set the length with a slider (anywhere from 4 to 64 characters) and tick which character families to include: uppercase, lowercase, digits, and symbols. It's aimed at anyone who needs a unique password they didn't think up themselves — for a new account, a password manager entry, a Wi-Fi key, or to replace a reused login after a breach.
Reach for it whenever a site forces you to invent yet another password and your brain defaults to a tired pattern. Because the password is assembled in your browser and never sent anywhere, it's also safe to use for sensitive accounts on a machine you trust. The tool guarantees at least one character from each set you enable, so a password meant to satisfy "must include a number and a symbol" rules won't accidentally come out as all letters.
The result panel gives you two numbers to read together. Length is simply the character count, and Entropy in bits is the real measure of guessing difficulty — it grows with both length and how many character types you turned on. The badge translates that into plain words: under 28 bits is Weak, up to 50 is Fair, up to 80 is Strong, and 80+ is Very strong. As a rough rule, push length up before worrying about symbols, since each extra character adds more entropy than you might expect.
One practical caveat: this tool only creates passwords, it does not store or remember them. Copy the result with the Copy button and paste it straight into a password manager — never trust yourself to memorise a 16-character random string, and never reuse one strong password across multiple sites.
Frequently asked questions
How random are these passwords?
They use crypto.getRandomValues, the browser's cryptographically secure random number generator, with rejection sampling to avoid modulo bias so every character is uniformly distributed.
What does the entropy in bits mean?
Entropy estimates how hard a password is to guess. It equals length × log2(pool size). Higher bits mean exponentially more possible combinations; 80+ bits is considered very strong against brute force.
Is my data uploaded anywhere?
No — this calculator runs entirely in your browser. Your inputs never leave your device, and it works offline once loaded.
Is this calculator free?
Yes, completely free with no sign-up and no limits.
People also ask
How long should my generated password be?
For most accounts, 16 characters with mixed letters and digits already clears 90+ bits of entropy and is rated Very strong. Bump it to 20 or more for high-value logins like email or banking, since length adds strength faster than adding symbol types.
Should I include symbols when generating a password?
Symbols enlarge the character pool and add a few bits of entropy, which helps. But some sites reject certain symbols, so if you hit a rejection just turn symbols off and add a few more characters of length instead to keep the same strength.
Can I use this password generator without an internet connection?
Yes. Once the page has loaded it runs entirely on your device, so you can disconnect from the network and keep generating passwords. Nothing is transmitted to any server.
Why does my password always contain at least one number and one symbol I selected?
The generator deliberately seeds one character from each set you enable before filling the rest randomly, then shuffles everything. This guarantees the password meets composition rules like must-contain-a-digit without you re-rolling it.
Is it safe to generate passwords in a web browser?
It is when the generator uses the browser's cryptographic random source, as this one does. The bigger risk is the environment: avoid generating passwords on shared or public computers where clipboard contents or screen could be captured.
What happens if I deselect every character type?
The tool can't build a password from an empty pool, so it shows a prompt to select at least one set and reports zero length and zero entropy until you re-enable a character type.
Does this generator save the passwords I create?
No. It has no memory or history — each password exists only on screen until you copy it or generate a new one. Paste it into a password manager immediately so you don't lose it.
What entropy counts as a strong password here?
The badge marks 50 to 80 bits as Strong and anything at or above 80 bits as Very strong. Reaching 80+ bits makes brute-force guessing impractical with current hardware.
Related calculators