Password Generator
Generate strong random passwords with customisable rules.
Set the length and character classes (lowercase, uppercase, digits, symbols), optionally exclude lookalike characters, and generate one or many passwords at a time. Drawn from the browser's cryptographic RNG — the same source banks use for session tokens.
Common use cases: rotating a leaked password, seeding a new vault entry, creating an API token or service-account credential, generating short codes for one-off access, and producing passwords for non-human accounts that humans never need to type.
Generated Password
Strength: Strong
Frequently asked questions
How long should my password be?
For human-typed passwords, 16+ characters with a mix of classes is plenty. For machine-stored secrets (API tokens, service accounts), go to 32+ — there's no usability cost and it pushes brute-force out of reach for the foreseeable future.
Are these passwords actually random?
Yes — characters are drawn from
crypto.getRandomValues, the browser's cryptographically secure RNG. No Math.random, no time-seeded fallbacks.Is it safe to generate passwords in a webpage?
It's as safe as the device running the browser. The generated password never leaves the page — nothing is transmitted, logged or stored. Close the tab and the password is gone unless you saved it to your manager.
Should I exclude similar-looking characters?
Only if you expect to type or read the password aloud — excluding
0/O and 1/l/I reduces transcription errors. For passwords pasted into a manager, leave them in to maximise entropy.Why not use a passphrase instead?
Passphrases (e.g. four random words) are excellent for things you must memorise — a master password, a disk encryption key. For everything else, a long random string in a password manager is shorter to store and at least as strong.