Strong Password Generator

Cryptographically-secure random passwords using window.crypto.getRandomValues(). Adjust length, choose character sets, exclude ambiguous characters. Runs entirely in your browser.

20
Uses browser-native crypto.getRandomValues. Nothing transmitted.

What makes a strong password?

A strong password is one that's effectively impossible to guess by brute force in a reasonable amount of time, and that doesn't appear in any password breach database. Three things drive that: length (more characters = exponentially more guesses needed), character variety (using upper, lower, digits and symbols expands the search space per character), and randomness (a truly random password doesn't follow predictable patterns the way a human-chosen one does).

This generator delivers all three. Length is your choice. Character sets are toggleable. Randomness comes from your browser's crypto.getRandomValues() API β€” a cryptographically secure random number generator suitable for keys, tokens and passwords.

How long should a password be?

Length matters far more than complexity. A 20-character all-lowercase random string is harder to crack than an 8-character "complex" password with all four character classes.

Character sets β€” when to include each

Passwords you should generate, not memorise

Your password manager's master password is one you should memorise β€” make it a long, memorable but high-entropy passphrase (5–6 random English words, ~70 bits entropy). Every other password should be machine-generated, stored in the password manager, and never memorised. Letting humans pick "their" passwords for each site is the source of most password breaches.

Tips and best practice

FAQs

Is this truly random?

Yes β€” uses the browser's crypto.getRandomValues() API which is cryptographically secure. Not the same as Math.random().

Is the password ever sent to a server?

No. Generation runs entirely in your browser.

Can I generate many at once?

Yes β€” set "Count" above 1.

What about passphrases (multi-word) instead of passwords?

Coming in a future tool. For now, this generates dense random strings.

Why exclude ambiguous characters?

When you need to type from screen or read out loud, O/0 confusion is real. Tick the box to remove them at the cost of a small reduction in entropy.

Related developer tools