Strong Password Generator
Create cryptographically strong random passwords using the browser's Web Crypto API for true randomness. Customize length, character sets, and exclusions to meet any password policy. Generate up to 50 passwords at once to pick the perfect one. Real-time entropy estimation helps you understand password strength. Passwords are generated and discarded entirely in your browser — they are never logged, stored, or transmitted.
What does this tool do?
The Password Generator creates random passwords with the cryptographically secure generator behind crypto.getRandomValues(), rather than the predictable Math.random(). You control the length and character composition: uppercase letters A-Z, lowercase a-z, digits 0-9, and special symbols. The exclude similar characters option removes easily confused characters (0/O, 1/l/I, 5/S) to prevent transcription errors. Each generation produces up to 50 passwords simultaneously with a live entropy calculation showing the effective bit strength.
How it works
The tool uses the Web Crypto API's getRandomValues(), which provides hardware-backed CSPRNG (Cryptographically Secure Pseudorandom Number Generator) quality randomness suitable for cryptographic applications. Character selection uses rejection sampling to eliminate modulo bias, ensuring all characters have equal probability. Entropy is calculated as log2(charset_size ^ length), which is the same as length × log2(charset_size), giving the theoretical maximum bits of randomness. For each password, characters are selected randomly from the enabled character sets, with constraints applied (at least one from each enabled set, no similar characters if excluded), then displayed for selection.
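The selection scheme described above, as an added example that is not this tool's source code. The symbol set, the function names, and the choice to redraw the whole password when a set is missing are assumptions made for illustration.

```javascript
// Added example: set contents and names are assumptions, not the tool's source.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const SETS = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{};:,.?', // assumed symbol set (23 characters)
};
const SIMILAR = /[0O1lI5S]/g; // the look-alike characters the page lists

// Uniform integer in [0, n) by rejection sampling: a random byte is kept only
// if it is below the largest multiple of n that fits in 256, so b % n is unbiased.
function uniformIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError('n must be 1..256');
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { webCrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, enabled, excludeSimilar = false) {
  if (enabled.length === 0 || !enabled.every((name) => Object.hasOwn(SETS, name))) {
    throw new RangeError('enable at least one known character set');
  }
  const groups = enabled.map((name) =>
    excludeSimilar ? SETS[name].replace(SIMILAR, '') : SETS[name]);
  if (length < groups.length) throw new RangeError('length must cover every enabled set');
  const alphabet = groups.join('');
  for (;;) {
    let pw = '';
    for (let i = 0; i < length; i++) pw += alphabet[uniformIndex(alphabet.length)];
    // Constraint: redraw the whole password unless every enabled set appears,
    // which keeps all passwords that satisfy the policy equally likely.
    if (groups.every((g) => [...pw].some((c) => g.includes(c)))) {
      // Theoretical maximum, as on the page; the "one from each set" rule
      // removes a small fraction of candidates, so the true figure is slightly lower.
      return { password: pw, entropyBits: length * Math.log2(alphabet.length) };
    }
  }
}
```

A plain `byte % n` without the `limit` check would favour the first `256 % n` characters of the alphabet, which is the modulo bias that rejection sampling removes.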
Features
- True randomness from Web Crypto API (no Math.random)
- Modulo-bias-free rejection sampling for uniform distribution
- Toggle uppercase / lowercase / digits / symbols
- Exclude similar characters (0/O, 1/l/I, 5/S)
- Generate up to 50 passwords at once
- Live entropy estimate in bits
- 100% client-side — passwords never leave your browser
How to use
1. Set password length: 16 characters is a secure minimum for most purposes. 20+ for high-security accounts. Maximum length is 128 characters.
2. Choose character sets: Enable the character types your system requires. All four (upper, lower, digits, symbols) gives maximum entropy. Some systems restrict symbols.
3. Toggle similar character exclusion: Enable if you'll need to transcribe the password manually (reading and typing). Prevents confusion between 0 and O, 1 and l and I, 5 and S.
4. Generate and select: Click Generate. Review the list and pick a password you find memorable enough or can copy easily. Click Regenerate for fresh candidates.
5. Copy and save: Copy your chosen password immediately to your password manager or secure storage. The tool does not save passwords.
Common use cases
New account creation
Generate strong passwords when signing up for online services, ensuring each account has a unique, unguessable credential.
Password manager setup
Create the master password for your password manager with maximum entropy since it protects all other passwords.
Shared account credentials
Generate team passwords for shared service accounts, then distribute securely through your organization's password sharing system.
System administration
Create database passwords, API keys, service account credentials, and other system passwords that need high entropy.
Tips & best practices
- 60+ bits of entropy resists casual online brute force attacks. 80+ bits resists determined offline attacks by well-resourced adversaries. 128+ bits is overkill for passwords but doesn't hurt.
- Symbols add significant entropy per character but can cause issues on systems with poor international keyboard support — use with caution for such systems
- The exclude similar characters option reduces the character set slightly but prevents transcription errors when you must type manually
- Always use a password manager — humans cannot remember truly random 16+ character passwords for dozens of accounts