Password Generator
Generate strong, random passwords with 4 modes. Cryptographically secure, runs entirely in your browser — nothing is stored or transmitted.
Settings
History (0)
Free Password Generator with Strength Meter
Creating strong, unique passwords is your first line of defense against hackers. Our password generator uses the Web Crypto API — the same cryptographic engine used by banks and security software — to create truly random passwords that are practically impossible to crack. Unlike many online generators, this tool runs entirely in your browser. No passwords are ever sent to a server, stored in a database, or logged anywhere.
Four Generation Modes
Random mode generates passwords from customizable character sets — uppercase, lowercase, numbers, and symbols. You control the length (4 to 128 characters) and can exclude ambiguous or custom characters. Passphrase mode creates word-based passwords like "correct-horse-battery-staple" that are both secure and easy to remember. PIN mode generates numeric codes with options to avoid repeated or sequential digits. Memorable mode produces pronounceable passwords using consonant-vowel syllable patterns that are easier to type from memory.
Understanding Password Strength & Entropy
The built-in strength meter calculates real entropy in bits — a mathematical measure of randomness that tells you exactly how hard a password is to crack. Entropy is calculated as log2(pool size) × length. The pool size is the number of possible characters in your character set. For example, if you enable lowercase (26) + uppercase (26) + digits (10) + symbols (26), your pool is 88 characters. A 16-character password from that pool has log2(88) × 16 ≈ 103 bits of entropy.
Each additional bit of entropy doubles the number of possible combinations. That means 80 bits isn't just "twice as strong" as 40 bits — it's 240 times stronger (over one trillion times harder to crack). Here's how different entropy levels compare at 10 billion guesses per second (a powerful offline attack):
| Entropy | Rating | Combinations | Crack Time (10B/sec) | Example |
|---|---|---|---|---|
| 28 bits | Weak | 268 million | Instantly | 4-digit PIN |
| 40 bits | Fair | 1.1 trillion | ~2 minutes | 8-char lowercase only |
| 60 bits | Strong | 1.15 quintillion | ~3,650 years | 10-char mixed case + digits |
| 80 bits | Very Strong | 1.2 septillion | ~3.8 billion years | 13-char all types |
| 128 bits | Maximum | 3.4 × 1038 | Virtually forever | 20-char all types |
For passphrases, entropy is calculated differently: log2(word list size) × word count. Our 2,048-word list gives 11 bits per word, so a 4-word passphrase has 44 bits and a 6-word passphrase has 66 bits. Adding a number or symbol at the end adds a few extra bits.
Our recommendation: Use at least 60 bits for everyday accounts (email, social media), 80+ bits for financial or sensitive accounts, and 100+ bits for master passwords or encryption keys.
Batch Generation
Need passwords for multiple accounts? Set the quantity to generate up to 25 unique passwords at once. Each is independently generated with full cryptographic randomness. Copy them individually or use "Copy All" to grab the entire batch at once.
Frequently Asked Questions
Is this password generator secure?
Yes. This tool uses the Web Crypto API (crypto.getRandomValues) for cryptographically secure randomness. No passwords are stored, transmitted, or logged — everything runs entirely in your browser. Passwords exist only in memory and are cleared when you close the page.
What is password entropy and why does it matter?
Entropy measures the randomness of a password in bits using the formula log2(pool size) × length. A higher number means exponentially more combinations an attacker must try. Each additional bit doubles the difficulty — so 80 bits of entropy is over a trillion times harder to crack than 40 bits, not just twice as hard. A password with 40 bits has about 1 trillion combinations (crackable in minutes), 60 bits has over 1 quintillion (thousands of years), and 80 bits has over 1 septillion (billions of years). For everyday accounts, aim for 60+ bits. For banking and sensitive accounts, use 80+ bits. For master passwords, 100+ bits is ideal.
What is a passphrase and is it more secure than a random password?
A passphrase is a password made of random words, like "correct-horse-battery-staple." Passphrases with 5–6 words offer excellent security (55–66 bits of entropy) while being much easier to remember and type than random character passwords of equivalent strength.
How long should my password be?
For random character passwords, 12–16 characters with mixed character types provides strong security. For passphrases, 4–6 words is ideal. For PINs, use at least 6 digits. The strength meter on this tool shows you exactly how secure your password is in real time.
Can I generate multiple passwords at once?
Yes. Use the Quantity setting to generate up to 25 passwords in a single batch. Each password is independently generated with full cryptographic randomness. You can copy individual passwords or use the Copy All button to grab the entire batch.
What are ambiguous characters and why exclude them?
Ambiguous characters are letters and numbers that look similar in many fonts: lowercase L (l) and digit 1, uppercase O and digit 0, uppercase I and lowercase l. Excluding them makes passwords easier to read and type manually without reducing security significantly.