Password Generator
Generate secure random passwords with customizable length.
Adjust options and click Generate.
What makes a secure password?
A secure password is long, random, and unique to each account. It should combine uppercase and lowercase letters, numbers, and symbols to increase entropy (measure of unpredictability). Longer passwords are harder to crack: a 16-character random password is vastly stronger than a short, dictionary-based one.
Passphrases—sequences of random words like correct-horse-battery-staple—are easier to remember and can be equally strong when enough words are used. This tool supports both random-character passwords and passphrase mode, using cryptographically secure randomness (crypto.getRandomValues) in your browser.
Password best practices:
- Length — Use at least 12–16 characters for random passwords, or 4–6 words for passphrases.
- Uniqueness — Never reuse passwords across sites. Use a password manager to store them.
- Randomness — Avoid personal info, dictionary words, or predictable patterns. Let a generator create them.
- Ambiguous characters — Exclude 0/O, 1/l/I if the password will be typed manually to reduce confusion.
Password Generator FAQ
Is this password generator secure?
Yes. Passwords are generated entirely in your browser using crypto.getRandomValues, a cryptographically secure API. Your passwords never leave your device unless you copy or share them. No data is sent to our servers during generation.
What is entropy and why does it matter?
Entropy measures the unpredictability of a password in bits. Higher entropy means more combinations an attacker must try. A 16-character password with mixed case, numbers, and symbols typically has 95+ bits of entropy—far beyond what brute-force attacks can practically crack.
Should I use a random password or a passphrase?
Both can be secure. Random passwords (e.g. Kx9#mP2$vLq7@nR) are shorter and strong when long enough. Passphrases (e.g. mango-swift-wallet-flame) are easier to remember and type. Use random for passwords you store in a manager; passphrases for things you might need to recall, like a master password.
What does "exclude ambiguous characters" mean?
Characters like 0 (zero) and O (letter O), or 1, l, and I look similar and can cause typos when entering passwords manually. Excluding them reduces confusion and login errors, with a small trade-off in entropy.
How long should my password be?
For random passwords: 12–16 characters minimum, 16–20+ for high-security accounts. For passphrases: 4–6 random words is a good baseline. Some services limit length—check requirements before generating. This tool supports up to 128 characters for random mode.
Is my data stored when I use Share?
Only when you click "Copy link" after generating: the generated password is saved temporarily (about 24 hours) to create a shareable URL. You can share that link with someone who needs the password once. We do not store passwords for any other use.