Generate a cryptographically secure random password right in your browser. Pick a length and character sets, and the tool uses crypto.getRandomValues with rejection sampling for unbiased, high-entropy output. Everything runs locally; nothing is uploaded or stored.
At least one character set must stay enabled. Current pool size: 86 characters.
Humans are famously bad at inventing random passwords. We reach for words, dates, and keyboard patterns — exactly the things password-cracking tools try first. This free Password Generator removes the human from the loop: it asks your browser's cryptographically secure random number generator (crypto.getRandomValues, part of the Web Crypto API) for random bytes and maps them onto your chosen character pool. The result is a password with no structure to exploit, whose strength can be measured precisely in bits of entropy.
Everything happens on your device. There is no API call, no analytics event carrying the password, and no storage — the password exists only in the box above until you copy it. Refreshing the page discards it forever.
A common mistake in homemade generators is mapping a random byte (0-255) onto a character pool with byte % poolSize. Unless the pool size divides 256 evenly, the first few characters of the pool come up slightly more often — a small but real bias that reduces effective entropy. This tool uses rejection samplinginstead: any byte greater than or equal to the largest multiple of the pool size below 256 is simply discarded and a fresh byte is drawn. Every character in the pool is exactly equally likely.
Entropy measures how many guesses an attacker would need on average. It is calculated as length × log2(poolSize) — each character contributes log2(poolSize) bits. The meter uses these bands:
Notice how the meter responds as you drag the length slider: going from 12 to 20 characters does far more than toggling the symbols checkbox. Length multiplies the search space per character; complexity only enlarges the pool a little. When in doubt, make it longer.
The characters 0/O and 1/l/I look nearly identical in many fonts. If a password will ever be read aloud, printed, or typed from a screen (Wi-Fi passwords, temporary credentials shared over a call), excluding them prevents frustrating transcription errors. The entropy cost is tiny — the meter updates so you can see exactly how tiny. For passwords that live only in a password manager, there is no reason to exclude anything.
Need other random identifiers? Try the UUID Generator, or hash data with the Hash Generator. To go deeper, read Password Entropy Explained: Length vs Complexity, How to Create Strong Passwords, and Regex for Password Validation Rules.