Your data is never sent to a server or stored anywhere. All processing happens in your browser.

Password Generator — Strong, Crypto-Safe, Entropy

Presets Click to load settings
Length: 16
Uppercase (A-Z) / Lowercase (a-z) / Numbers (0-9)
Symbols
Options
Very Strong (104 bits)

How to Use

Passwords are automatically regenerated when you change any setting. Use the copy button to copy generated passwords to your clipboard.

Strength Calculation

Password strength is measured by entropy (in bits). Higher entropy means more resistance to brute-force attacks.

Formula: Entropy = Length × log₂(Charset Size)

  • Very Weak: below 40 bits
  • Weak: 40–59 bits
  • Fair: 60–79 bits
  • Strong: 80–99 bits
  • Very Strong: 100 bits or more

Recommended Practices

  • Use 16+ characters (per NIST SP 800-63B guidelines)
  • Include all four character types: uppercase, lowercase, numbers, and symbols
  • Avoid dictionary words and personal information (names, birthdays)
  • Use a unique password for each service
  • Consider using a password manager

Security

This tool uses a cryptographically secure random number generator (crypto.getRandomValues). Generated passwords are never sent to a server — all processing happens in your browser.

FAQ

Are the generated passwords stored anywhere?

No. All generation happens in your browser — passwords are never sent over the network or stored on any server. Once you copy a password, it is safe to use without concerns about leakage from this tool.

Why is there an 'exclude ambiguous characters' option?

Some characters look alike depending on the font: 0 (zero) vs O (letter O), 1 (one) vs l (lowercase L) vs I (capital i). Excluding them prevents mistakes when passwords are written down or read aloud — useful for Wi-Fi keys and one-time credentials.

How do I interpret entropy (bits)?

Higher entropy means stronger resistance to brute-force attacks. Aim for 60+ bits for general use, 80+ bits for sensitive accounts, and 100+ bits for the highest-security use cases. The tool shows both the bit count and a strength label.

Why is 16+ characters recommended?

Modern security guidelines like NIST SP 800-63B recommend 16 or more characters. This length is needed to resist GPU-accelerated brute-force attacks and precomputed lookup tables (rainbow tables).

Do I really need a password manager?

Strongly recommended. Remembering long, complex passwords for every account is impractical — store generated passwords in a manager like 1Password, Bitwarden, or Apple Keychain so you only need to recall one master password.