Password Generator.

Generate a strong, random password for any purpose. Choose your length, character types, and how many you need. Includes presets for common use cases so it actually works where you paste it.

✓ Free 🔐 No data sent anywhere 6 presets

Password Generator

Generate a strong password instantly.

What's it for?

Password length

Character types

Uppercase

A B C … Z

Lowercase

a b c … z

Numbers

0 1 2 … 9

Symbols

! @ # $ % & *

How many passwords

🔑

Choose your settings and hit Generate

Helpful tips

🚫

Symbols can break things

Some routers, banking portals, and older systems silently reject passwords with symbols. If a pasted password fails, try regenerating without them.

🔑

Use a password manager

You only need to remember one strong master password. Everything else can be randomly generated and stored. 1Password, Bitwarden, and Apple Keychain are all solid options.

♻️

Never reuse passwords

When one site leaks your password, attackers try it on every other site automatically. Unique passwords per account are the single biggest thing you can do for your security.

📋

Nothing leaves your browser

Passwords are generated entirely in JavaScript on your device. No data is sent to any server. You can even disconnect from the internet first if you want to be sure.

How password generation works

The short version, for people
who just want a safe password

A password generator does one thing: it picks characters at random from a pool you define, then strings them together. The pool is built from whichever character types you enable — uppercase letters, lowercase letters, numbers, and symbols. The larger the pool and the longer the password, the harder it is to guess or brute-force. That relationship is captured by a single number called entropy, measured in bits.

Entropy tells you how many guesses an attacker would need in the worst case. Each extra bit doubles the number of guesses required. A 40-bit password needs about a trillion guesses to crack. An 80-bit password needs more guesses than there are atoms in the observable universe. Modern recommendations sit between 80 and 100 bits for general use, which a 16-character password with all character types comfortably achieves.

One practical complication is that not every system accepts every character. Some routers and banking portals silently reject symbols. Some systems impose a maximum length that is shorter than you would expect. This tool's purpose presets are designed around those real-world constraints, not just theoretical security scores.

Generation Result = floor(random() × pool) per char

No duplicates Fisher-Yates shuffle → pick first N

Entropy bits = length × log₂(pool size)

FAQ

Common questions

The most common reason is symbols. Many routers, banking portals, older enterprise systems, and some government websites have character blocklists that silently strip or reject certain symbols, often without showing a useful error message. If a password fails on paste, try regenerating with the Wi-Fi or Strict Systems preset, which disables symbols. A second common cause is a hidden maximum length. Some systems cap passwords at 16 or even 12 characters despite accepting longer input visually. If you suspect this, try a shorter password and see if the problem resolves.

For most accounts stored in a password manager, 16 characters with all character types is more than enough. It puts you well above 90 bits of entropy, which no current or near-future hardware can brute-force in any reasonable timeframe. For your password manager's master password, go longer: 20 to 24 characters is a sensible target, since that one password protects everything else. For low-stakes accounts or systems with a character limit, 12 characters is still acceptable. Below 10 characters is where risk starts to climb meaningfully.

Yes, for this tool. Passwords are generated entirely in JavaScript running on your own device. Nothing is sent to any server and there is no network request involved. You can verify this by opening your browser's developer tools and watching the network tab while generating a password: you will see no outbound requests. If you want to be completely certain, disconnect from the internet before using the tool. The page will continue to work fine offline once it has loaded.

Entropy measures how unpredictable a password is, expressed in bits. Each bit doubles the number of guesses an attacker needs. A password with 40 bits of entropy requires up to 2⁴⁰ guesses — about a trillion — to crack by brute force. A password with 80 bits requires 2⁸⁰ guesses, which is roughly a million trillion trillion. The formula is simple: entropy = length × log₂(pool size). Enabling more character types increases the pool size, which increases entropy per character. Longer passwords multiply that further. Both matter, but length has the bigger impact.

Yes, for almost everyone. The single biggest security risk for most people is reusing passwords across sites. When one site leaks its database, attackers run automated tools that try those credentials on thousands of other services within hours. A password manager solves this by letting you use a unique, randomly generated password for every account without having to remember any of them. You only need to remember one strong master password. Bitwarden is free and open source, 1Password is widely used in professional settings, and Apple Keychain and Google Password Manager are built into their respective ecosystems at no cost.

Passwords that appear complex but follow a predictable pattern are far weaker than they look. P@ssw0rd! contains uppercase, lowercase, a number, and a symbol, but it appears in every leaked password database and would be cracked in seconds. The same applies to any dictionary word with letter substitutions, names with numbers appended, keyboard patterns like Qwerty123!, and any password you have ever used before. True randomness is what matters, not visual complexity. A randomly generated password like mK9#vPxL is vastly stronger than MyDog$Fluffy2019 despite being shorter, because it contains no guessable structure.