Password Generator

Generate cryptographically secure passwords in seconds. Control length, character types, and ambiguous characters — see the strength and entropy update instantly. Runs entirely in your browser; nothing is ever sent to a server.

Password Length

16characters
464

Character Types

Options

Generated Password

Select at least one character type.
Password Strength
Choose character types above

16

Length

Pool size

Entropy (bits)

About this tool

A professional password generator that uses the browser's Web Cryptography API (crypto.getRandomValues) for true randomness — the same source used by password managers and security software. Every password meets all the selected criteria by design: if you enable three character types, the result is guaranteed to contain at least one character from each type before filling the remaining positions randomly.

The strength meter calculates Shannon entropy (bits of randomness), which is a mathematically rigorous measure of how long a brute-force attack would take. The three stat cards show the current password length, the size of the active character pool, and the resulting entropy in bits — giving you a complete picture of your password's security. All processing happens client-side; your passwords are never transmitted anywhere.

How to use

1

Set the length

Drag the slider or click a preset chip (8, 12, 16, 24, 32) to choose how many characters your password should have.

2

Choose character types

Toggle uppercase letters, lowercase letters, numbers, and symbols on or off. The password updates instantly with every change.

3

Optionally exclude ambiguous characters

Enable this if you need to type or share the password by hand. It removes visually similar characters like O, 0, I, l, and 1.

4

Copy or regenerate

Click "Copy" to copy to clipboard, or "Generate New Password" for a fresh one. The strength and entropy scores update automatically.

Related tools

QR Code Generator

Encode your password or any text into a scannable QR code.

Base64 Encoder / Decoder

Encode or decode Base64 strings instantly in your browser.

JSON Formatter

Beautify, validate, and minify JSON with syntax highlighting.

Currency Converter

Convert between 30+ currencies with live exchange rates.

Frequently asked questions

Common questions about password security, entropy, and how this generator works.

Yes. All passwords are generated using the Web Cryptography API's crypto.getRandomValues(), which provides cryptographically strong randomness — the same source used by password managers and security tools. Your passwords are never sent to any server and are generated entirely in your browser.

Entropy measures how unpredictable a password is, expressed in bits. It is calculated as length × log₂(pool size). A password with 40 bits of entropy has about 1 trillion possible combinations. At 80 bits, that becomes 1.2 sextillion combinations — practically impossible to brute-force with current hardware.

For most online accounts, 12–16 characters with mixed character types gives excellent security. For highly sensitive accounts — banking, email, cloud storage — 20–32 characters is better. If you use a password manager (strongly recommended), generate 24+ character passwords freely since you never have to remember them.

Characters like O (uppercase O), 0 (zero), I (uppercase i), l (lowercase L), and 1 (one) look very similar in many fonts. Excluding them is useful when you need to read or type the password aloud or by hand — for example, a WiFi passphrase you share verbally, or a master password you type daily.

Strength is based on entropy (bits of randomness): Weak = below 40 bits, Fair = 40–60 bits, Strong = 60–80 bits, Very Strong = 80+ bits. Both increasing the length and enabling more character types raise entropy. Using symbols increases the character pool from ~62 to ~86 characters, adding roughly 5 bits per character.

Adding symbols expands the character pool from ~62 characters (upper + lower + digits) to ~86 characters, which increases the bits of entropy per character by about 0.5 bits. If a site blocks certain symbols, compensating with extra length achieves equivalent security. Always use whatever the site allows.

Use a password manager such as Bitwarden (free, open-source), 1Password, Dashlane, or your browser's built-in manager. Never store passwords in plain text files, spreadsheets, or sticky notes. A password manager encrypts everything behind a single strong master password — the only one you need to memorize.