OnDevice

Password Generator

Generate strong, random passwords — right in your browser. Customize length, characters, and complexity.

Works offline · Nothing uploaded

How to use it

1. Set password length
   Choose the desired length for your password.

2. Select character types
   Toggle uppercase, lowercase, numbers, and symbols.

3. Copy your password
   Click copy to save the generated password to your clipboard.

When to use Password Generator

You got a HaveIBeenPwned alert for a credential you reused on three different services and now you need strong, distinct replacements for each account before the weekend is over. Pick a length, toggle the character classes you want — uppercase, lowercase, digits, symbols — and the Web Crypto API generates entropy you couldn't produce yourself by mashing a keyboard. The output is never transmitted anywhere and nothing is stored between sessions, so the passwords exist only in your clipboard and wherever you save them next. Useful for rotating shared service credentials, setting up a new API key vault entry, or generating the root password for a staging database that needs to meet a complexity policy.

  • Rotate credentials after a HaveIBeenPwned breach notification
  • Generate a root password meeting a corporate complexity policy
  • Create distinct service account passwords for a new AWS environment

About this tool

Need a strong password right now? Pick a length, toggle the character classes you want — uppercase, lowercase, numbers, symbols — and copy a fresh one in a click. Generation uses your browser's cryptographic random source (the Web Crypto API — the same one your bank's site uses under the hood), so the output is never transmitted anywhere and nothing is stored between sessions. Handy for signing up for a new service, rotating a password that appeared in a breach notification, or setting up a shared-access account. Generate in bulk if you need a batch — each one is independent.

Tips

  • Enable all four character classes — uppercase, lowercase, numbers, and symbols — for the broadest possible search space. A 16-character password using all classes gives you well over 90 bits of entropy.
  • Aim for at least 16 characters for accounts that matter. Many sites still enforce an 8-character minimum, but doubling that length squares the difficulty of a brute-force attack.
  • Generate a fresh password for each account rather than reusing variants. Reuse means a single breach can unlock multiple services — treat every account as its own isolated secret.

Frequently asked

Is this password generator private? Is my password sent anywhere?
Nothing leaves your device. The tool calls <code>crypto.getRandomValues()</code> — a browser-native Web Crypto API function — entirely within your tab. No network request is made, no server receives the output, and closing the tab destroys any trace of the generated password.
Are the passwords truly random?
Yes, they use cryptographically secure randomness. <code>crypto.getRandomValues()</code> is seeded by your operating system's entropy pool — the same source used for TLS key generation. This is fundamentally different from a math-based pseudo-random function that could be predicted if an attacker knew the seed.
How much entropy does a generated password have?
With all four character classes enabled, the pool is 94 printable ASCII characters. A 16-character password drawn from that pool gives roughly 105 bits of entropy (log₂(94¹⁶)), which is beyond the reach of any practical brute-force attack today. Dropping to symbols-off reduces the pool to 62 characters and lowers entropy to about 95 bits — still very strong.
What is the maximum password length?
The length slider goes from 4 to 64 characters. Most services cap accepted passwords well below 64, but you can use the full range for local secrets, encryption passphrases, or API keys stored in a password manager.
Does the tool exclude ambiguous characters like O, 0, l, and 1?
No — all characters in the enabled classes are included. The full uppercase set is A–Z, lowercase a–z, digits 0–9, and the symbol set is <code>!@#$%^&*()_+-=[]{}|;:,.<>?</code>. If a service you're setting a password for flags look-alike characters, regenerate until you get one without them, or store it directly in a password manager where you'll never need to type it by hand.
Can I use this tool offline?
Yes. Once the page has loaded, the generator works without a network connection. The underlying <code>crypto.getRandomValues()</code> call is a synchronous browser API with no external dependency. If you need to generate passwords on an air-gapped machine, load the page once while online, then disconnect.
Is the generated password ever stored or logged?
No password value is written to localStorage, sessionStorage, cookies, or any server log. The string exists only in the React component's state while the tab is open. Navigating away or refreshing the page discards it entirely — the only persistent copy is wherever you choose to save it yourself.
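
An added example, not the tool's own code: one way to draw characters from crypto.getRandomValues() without modulo bias (rejection sampling) and to compute the entropy of the result. The function names and the sampling method are assumptions; the character classes are the ones listed in the FAQ above, whose 26 symbols give a pool of 88 characters (about 103 bits at length 16), while the 94-character figure corresponds to the full printable ASCII range.

```javascript
// Added example: not the tool's source. Names and sampling method are assumptions.
// Web Crypto is a global in browsers and Node 19+; older Node exposes it via require.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Character classes exactly as listed in the FAQ above.
const CLASSES = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!@#$%^&*()_+-=[]{}|;:,.<>?',
};

// Concatenate the enabled classes into one pool.
function buildPool(enabled) {
  const pool = enabled.map((name) => CLASSES[name]).join('');
  if (pool.length === 0) throw new Error('enable at least one character class');
  return pool;
}

// Uniform index in [0, n) for n <= 256. A plain `byte % n` favours low indices
// whenever 256 is not a multiple of n, so bytes at or above the largest
// multiple of n are discarded and redrawn.
function uniformIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Draw each character independently and uniformly from the enabled pool.
function generatePassword(length, enabled) {
  const pool = buildPool(enabled);
  let out = '';
  for (let i = 0; i < length; i++) out += pool[uniformIndex(pool.length)];
  return out;
}

// Entropy in bits of a uniformly drawn password: length * log2(pool size).
function entropyBits(length, enabled) {
  return length * Math.log2(buildPool(enabled).length);
}
```

With a pool of 88, a plain `byte % 88` would make the first 80 characters of the pool more likely than the last 8, which is why the redraw loop is there.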