Password Generator.

Cryptographically strong random passwords, generated in your browser with crypto.getRandomValues. Live entropy meter, four character-class toggles, one-click copy. Nothing is sent to a server.

Generated password20 chars

····················

Calculating strength…entropy: 129.5 bits

Lengthlength: 20

min 8max 128

Character classes

Exclude look-alikesExclude 0 O I l 1

Your input never leaves your browser.

This tool needs JavaScript to generate passwords in your browser. Enable JS for this site.

About this tool →

When to use it

A strong password is one whose entropy exceeds an attacker’s compute budget. This tool generates one in your browser using the OS-backed CSPRNG (crypto.getRandomValues), then scores it with zxcvbn — a pattern-aware estimator that recognises dictionary words, keyboard walks, and l33t substitutions where naive character-class math underestimates risk.

Defaults produce a 20-character mixed-class password (~131 bits of entropy) — comfortably above the 128-bit threshold typically recommended for resisting offline cracking of a stolen hash dump. Drop the length to 12 for sites with input caps, push to 64+ for root credentials or vault master keys, or strip symbols for systems that reject them.

Typical reaches: spinning up a new service account, rotating an API token, drafting a one-time recovery code, or seeding a password-manager entry when “suggest password” isn’t available. Nothing is sent to a server and nothing is stored after you leave. For the full reasoning — entropy math, CSPRNG vs PRNG, when a passphrase beats a password — see the long-form explainer.

Read the full explainer →