Password Generator
Generate strong, random passwords with customizable length and character options. Everything runs in your browser — no passwords are stored or transmitted.
About This Tool
The Password Generator creates cryptographically random passwords using the Web Crypto API built into your browser. It is useful for:
- Creating unique passwords for every account
- Meeting complex password requirements for work or school systems
- Generating API keys, tokens, or random strings for development
- Replacing weak or reused passwords with strong ones
Your passwords are generated entirely on your device using crypto.getRandomValues(). Nothing is sent to any server, making this tool completely private and safe to use.
FAQ
What makes a password strong?
A strong password is long (at least 12 characters), uses a mix of uppercase letters, lowercase letters, numbers, and symbols, and is not based on dictionary words or personal information. The longer and more varied the character set, the harder it is to crack by brute force.
What is password entropy?
Entropy measures the randomness of a password in bits. It is calculated as log2(pool_size ^ length), where pool_size is the number of possible characters. A password with 80+ bits of entropy is considered very strong. For example, a 16-character password using uppercase, lowercase, numbers, and symbols (94 characters) has about 105 bits of entropy.
Should I use a password manager?
Yes. A password manager stores all your unique passwords securely so you only need to remember one master password. This lets you use long, random, unique passwords for every account without memorizing them. Popular options include Bitwarden, 1Password, and KeePass.
How often should I change my passwords?
Modern security guidance (including NIST) recommends changing passwords only when there is evidence of a breach, rather than on a fixed schedule. Frequent forced changes often lead to weaker passwords. The most important practice is using a unique, strong password for every account and enabling two-factor authentication wherever possible.