~/random-password-generator ☀ LIGHT apps ← about me

🌐 Language

██████╗ █████╗ ███████╗ ███████╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ ██╔══██╗ ██╔══██╗ ██╔════╝ ██╔════╝ ██║ ██║ ██╔═══██╗ ██╔══██╗ ██╔══██╗ ██████╔╝ ███████║ ███████╗ ███████╗ ██║ █╗ ██║ ██║ ██║ ██████╔╝ ██║ ██║ ██╔═══╝ ██╔══██║ ╚════██║ ╚════██║ ██║███╗██║ ██║ ██║ ██╔══██╗ ██║ ██║ ██║ ██║ ██║ ███████║ ███████║ ╚███╔███╔╝ ╚██████╔╝ ██║ ██║ ██████╔╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚══════╝ ╚══╝╚══╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝

Random Password Generator_

Generate strong, secure passwords instantly — customise length, character sets and more.
100% in-browser · no data leaves your device · no account needed · completely free.

strength:
length: crack time:
press Space or to regenerate
length 16
character sets
Uppercase A B C … Z
Lowercase a b c … z
Numbers 0 1 2 … 9
Symbols ! @ # $ % & * …
exclude characters (optional)
10 passwords
strength:
crack time:
word count 4
separator
Capitalise wordsWord Word Word
Add numberword-word-42

A free strong password generator that runs entirely in your browser

This random password generator creates strong, unique passwords on demand using your browser's crypto.getRandomValues() API — the same cryptographically secure source of randomness that password managers and security software rely on. Nothing is sent to a server, nothing is logged, and the password disappears the moment you close the tab. It's a 100% client-side, free, no-signup tool with no ads and no limits.

You control everything: set any length from 4 to 128 characters, toggle uppercase, lowercase, numbers and special symbols, and optionally exclude ambiguous characters like O, 0, l and 1 for passwords you'll type by hand. Every generated password shows a live strength meter, its entropy in bits, and a realistic time-to-crack estimate so you can see at a glance how secure it really is.

How to create a secure password

Pick a length of at least 16 characters for everyday accounts, or 32 and above for master passwords, encryption keys and admin or API credentials. Keep all four character sets enabled to maximise entropy, then click Generate (or just press the Space bar) until you have a password you like. Click it to copy, and paste it straight into a password manager such as Bitwarden, 1Password or KeePass. Never reuse a password across sites — if one service is breached, attackers will try that password everywhere.

Passwords, passphrases and bulk generation

Need something memorable? Use the memorable words option to generate passphrases like correct-horse-battery-staple that are easy to remember yet highly secure. Setting up many accounts or seeding a database? The generate many at once option creates up to 50 independent passwords in one go, ready to copy together or download as a text file. For the strongest possible accounts, pair any generated password with two-factor authentication using an authenticator app.

Looking for more free tools? Try the QR code generator, browser notepad, or browse all 122 free browser tools.

FAQ & Password Security Tips

Frequently Asked Questions — Password Generator

How secure are the generated passwords?

Passwords are generated using the browser's built-in crypto.getRandomValues() API — a cryptographically secure pseudo-random number generator (CSPRNG), the same source used by password managers and security software. It is suitable for admin accounts, API keys and any sensitive credential.

Is the password stored or sent anywhere?

No. The password is generated entirely in your browser's memory and is never transmitted to any server. Once you close or refresh the tab it is gone. Copy it to a password manager immediately after generating it.

How long should my password be?

At least 16 characters for general accounts and 32+ for admin, API and service accounts. Longer is always stronger — a 32-character fully random password with all character sets is effectively unbreakable with current technology.

Should I exclude ambiguous characters?

Excluding ambiguous characters (O vs 0, l vs 1, I vs |) is useful if a password needs to be typed by hand or read aloud. For passwords copied directly into a password manager, there is no benefit — keeping all characters increases the entropy pool and therefore the security of the password.

What is the difference between a password and a passphrase?

A random password mixes uppercase, lowercase, digits and symbols — maximally compact entropy per character. A passphrase uses a sequence of random words (e.g. correct-horse-battery-staple) that is easier to remember but longer. Both are strong when generated with a CSPRNG. This tool supports both modes.

Can I generate multiple passwords at once?

Yes. The bulk mode generates up to 50 passwords at once with your chosen settings. Each is independently generated using crypto.getRandomValues(). Copy them all in one click or download as a text file.

Is this tool free?

Yes, completely free. No account, no subscription, no ads. One of 122 free browser tools at jasperbernaers.com.

What makes a password strong?

Strength comes from length and randomness — not from clever substitutions like P@ssw0rd. A 16-character password drawn randomly from all four character sets has around 100 bits of entropy, which is effectively impossible to brute-force with current or foreseeable technology.

Are online password generators safe to use?

They're safe when the password is generated locally in your browser and never transmitted — which is exactly what this tool does via crypto.getRandomValues(). Avoid generators that build passwords on a server, always use HTTPS, and store the result in a password manager.

How often should I change my password?

Modern NIST guidance is to not rotate passwords on a fixed schedule. Use a long, unique password per account and only change it if there's evidence of a breach. Forced periodic changes push people toward weaker, predictable patterns.

Is a 16 or 32 character password better?

Both are very strong when fully random. 16 characters is plenty for everyday accounts. Reserve 32+ for high-value targets — encryption keys, master passwords, root/admin accounts and API credentials — where the extra entropy is worth the inconvenience.

Password Security Tips

How long should it be?
Use at least 12 characters for general accounts. For email, banking and work: 16+. For encryption keys or master passwords: 24+.
Why symbols matter
Adding symbols grows the character pool from 62 to 94, making brute-force attacks exponentially harder. A 12-char all-lowercase password has ~10¹⁷ combinations. With symbols: ~10²³.
Use a password manager
You don't need to remember strong passwords. Use Bitwarden (free), 1Password or KeePass. One strong master password protects everything.
Never reuse passwords
If one site is breached, attackers try your password everywhere. Unique passwords per site are non-negotiable. A manager makes this effortless.
Passphrases are strong too
4–5 random words like "correct-horse-battery-staple" are highly secure and much easier to remember. Entropy comes from randomness, not complexity.
Enable 2FA everywhere
A strong password + two-factor authentication makes accounts virtually unbreakable. Use an authenticator app (not SMS) where possible.
What is entropy?
Entropy (bits) measures unpredictability. 40 bits = weak, 60 bits = reasonable, 80+ bits = strong, 100+ bits = very strong. More bits = exponentially harder to crack.
Is this tool safe?
Yes. Passwords are generated using the browser's crypto.getRandomValues() — cryptographically secure randomness. Nothing is sent to any server.