// 100% client-side · nothing ever sent anywhere
Random password generator
Generate strong, secure passwords instantly — customise length, character sets and more.
100% in-browser · no data leaves your device · no account needed · completely free.
strength: —
10
passwords
strength: —
How long should it be?
Use at least 12 characters for general accounts. For email, banking and work: 16+. For encryption keys or master passwords: 24+.
Why symbols matter
Adding symbols grows the character pool from 62 to 94, making brute-force attacks exponentially harder. A 12-char all-lowercase password has ~10¹⁷ combinations. With symbols: ~10²³.
Use a password manager
You don't need to remember strong passwords. Use Bitwarden (free), 1Password or KeePass. One strong master password protects everything.
Never reuse passwords
If one site is breached, attackers try your password everywhere. Unique passwords per site are non-negotiable. A manager makes this effortless.
Passphrases are strong too
4–5 random words like "correct-horse-battery-staple" are highly secure and much easier to remember. Entropy comes from randomness, not complexity.
Enable 2FA everywhere
A strong password + two-factor authentication makes accounts virtually unbreakable. Use an authenticator app (not SMS) where possible.
What is entropy?
Entropy (bits) measures unpredictability. 40 bits = weak, 60 bits = reasonable, 80+ bits = strong, 100+ bits = very strong. More bits = exponentially harder to crack.
Is this tool safe?
Yes. Passwords are generated using the browser's crypto.getRandomValues() — cryptographically secure randomness. Nothing is sent to any server.