Password Generator
Generate strong, secure random passwords. Powered by cryptographic randomness. 100% client-side.
About Password Security
Passwords are generated using crypto.getRandomValues() — a cryptographically secure random number generator built into your browser. Your passwords never leave your device — everything runs locally.
A strong password should be at least 12 characters long and include a mix of uppercase, lowercase, numbers, and symbols. For maximum security, use 16+ characters. The entropy indicator shows the theoretical strength — aim for 80+ bits for important accounts.
Frequently Asked Questions
Are the passwords generated securely?
Yes. We use the Web Crypto API (crypto.getRandomValues) — a cryptographically secure pseudorandom number generator (CSPRNG) built into your browser. It's the same technology used by password managers like 1Password and Bitwarden.
Do you store or send my passwords?
No. Everything runs 100% in your browser. Your passwords are never sent to any server. There are no analytics, cookies, or tracking on the generated passwords. You can verify this by disconnecting from the internet and generating passwords — it still works.
How long should my password be?
For most accounts, 12-16 characters is sufficient. For high-security accounts (banking, email, password manager master password), use 20+ characters. Every additional character exponentially increases the time needed to crack your password.
What is password entropy?
Entropy measures the randomness of a password in bits. Higher entropy = harder to crack. A 16-character password with uppercase, lowercase, numbers, and symbols has about 105 bits of entropy. 80+ bits is considered strong for most purposes. 128+ bits is effectively uncrackable with current technology.
Should I use symbols in my password?
Yes, when possible. Including symbols significantly increases the character pool (from ~62 to ~90 characters), making brute-force attacks much harder. Some sites restrict certain symbols — in that case, compensate with a longer password.
How often should I change my passwords?
NIST (National Institute of Standards and Technology) no longer recommends regular password changes unless you suspect a breach. Instead, use unique, strong passwords for each account and enable two-factor authentication (2FA) wherever possible.