Password Generator
Generate strong, random passwords. All generation happens locally in your browser — passwords are never sent anywhere.
What makes a strong password?
Password strength comes from length and unpredictability, measured in bits of entropy. A 12-character random password drawn from upper, lower, digit and symbol sets has ~78 bits of entropy — strong enough to resist brute-force attacks for a very long time. Aim for at least 14 characters for important accounts.
Are these passwords really random?
Yes. We use the browser's window.crypto.getRandomValues API, which is cryptographically secure and the same primitive used for generating cryptographic keys. The password never leaves your device — it's never sent to a server, never logged, never stored.
Best practices
- Use a unique password for every account. One breach should not cascade.
- Use a password manager (Bitwarden, 1Password, KeePass) to store them.
- Enable two-factor authentication (2FA) wherever offered.
- Use a passphrase (4+ random words) for things you must memorize, like your password manager's master password.
Frequently Asked Questions
How long should my password be?
14+ characters with a mix of types is excellent for most accounts. For your most critical accounts (email, password manager), 20+ characters or a long passphrase is recommended.
Why avoid ambiguous characters?
Characters like O, 0, l, 1 and I are easy to misread when copying a password by hand. Disable them if you'll be reading the password aloud or typing it from a printout.
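The points above about entropy, window.crypto.getRandomValues and ambiguous characters, put together as an added example. This is not this site's own source code: the function names and the 94-character printable-ASCII alphabet are assumptions made for illustration. It uses rejection sampling so every character is equally likely, and computes entropy as length times log2 of the alphabet size.

```javascript
// Added example, not this page's source; all names here are hypothetical.
const rng = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Assumed character sets: the 94 printable ASCII characters.
const SETS = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digit: '0123456789',
  symbol: '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~',
};
const AMBIGUOUS = new Set('O0l1I'); // the characters the page lists

function buildAlphabet({ sets = Object.keys(SETS), excludeAmbiguous = false } = {}) {
  const chars = sets.map((name) => SETS[name] || '').join('');
  const alphabet = [...chars].filter((c) => !(excludeAmbiguous && AMBIGUOUS.has(c)));
  if (alphabet.length === 0) throw new RangeError('empty alphabet');
  return alphabet;
}

// Uniform integer in [0, n) by rejection sampling: values in the incomplete
// final block of the 32-bit range are discarded so `% n` has no bias.
function randomIndex(n) {
  const limit = 2 ** 32 - (2 ** 32 % n);
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, options) {
  const alphabet = buildAlphabet(options);
  let out = '';
  for (let i = 0; i < length; i++) out += alphabet[randomIndex(alphabet.length)];
  return out;
}

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, options) {
  return length * Math.log2(buildAlphabet(options).length);
}
```

Removing the five ambiguous characters shrinks the alphabet from 94 to 89, which costs under one bit at 12 characters; adding one more character more than makes up for it.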
Is it safe to generate passwords on a website?
Only when generation happens client-side, as it does here. View the page source if you're skeptical — there are no network requests at password-generation time.