What characters are included in the symbols set?

The symbols set includes: ! @ # $ % ^ & * ( ) - _ = + [ ] { } | ; : , . ? These are broadly accepted by most websites and services without causing compatibility issues.

100% browser-based · zero uploads

Password Generator

Generate strong, random passwords in seconds — no sign-up, no uploads, nothing to install. Adjust the length and character types, then copy your new password straight to the clipboard. Everything runs right here in your browser using your device's cryptographic random number generator — the same entropy source used by professional password managers and TLS certificate generation — so your passwords are never transmitted, stored, or seen by anyone but you.

Password length16

8128

Include characters

Uppercase (A–Z)Lowercase (a–z)Numbers (0–9)Symbols (!@#$…)

Number of passwords

How It Works

This free online password generator creates strong, unique passwords instantly in your browser — nothing is ever sent to a server.

1. Pick your length

Drag the slider anywhere from 8 to 128 characters. Most security experts recommend at least 16 characters for everyday accounts and 20 or more for anything sensitive like email or banking.
2. Choose what to include

Tick uppercase letters, lowercase letters, numbers, and symbols. Every type you add increases the number of possible combinations — turning a 16-character all-lowercase password into one that would take billions of years to crack by brute force.
3. Hit Generate

Your browser's built-in cryptographic random number generator selects each character. There is no upload step, no waiting for a server — the result appears instantly. Each password is guaranteed to include at least one character from every type you selected. A NIST SP 800-63B-aligned entropy meter shows the exact bit strength of your settings so you always know how strong your password is before you even copy it.
4. Copy and use it

Click Copy next to any password to send it to your clipboard, then paste it straight into your password manager or the site you're signing up for. The password leaves your browser only when you paste it yourself.

Why users love this tool

Your passwords never leave your device — everything is generated in your browser; no password is ever stored, logged, or transmitted.
Results in milliseconds — because there is no server round-trip, every password appears the moment you click Generate.
Truly random — uses the same cryptographic source as professional password managers, not a predictable pseudorandom formula.
Works on any device — phone, tablet, or desktop; no app or installation needed.
Completely free — no account, no limits, no catches.

How It Works: Secure Client-Side Password Generation

Most online password generators send a request to a server and return the result over the network — introducing a point where your password could be intercepted or logged. This tool generates passwords completely within your browser using the Web Crypto API.

Web Crypto API — `crypto.getRandomValues()`

Every character is selected using crypto.getRandomValues(), which fills a Uint32Array with values from the operating system's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator). This is the same entropy source used by TLS key generation and password managers — not the weaker Math.random().

Rejection Sampling to Eliminate Modulo Bias

A naive value % charsetLength mapping introduces statistical bias toward lower-indexed characters when the charset size does not evenly divide 2³². This tool uses rejection sampling: random values beyond the largest multiple of the charset size are discarded and a new value is drawn, producing a perfectly uniform distribution across all characters.

Guaranteed Character Coverage + Fisher-Yates Shuffle

To ensure at least one character from each selected type appears (a requirement for many site password policies), the generator first picks one character from each active charset, fills the remainder from the combined pool, then shuffles the full array in-place using the Fisher-Yates algorithm driven by crypto.getRandomValues(). This ensures the guaranteed characters are not predictably positioned at the start.

Entropy-Based Strength Assessment (NIST SP 800-63B-Aligned)

Unlike checkers that scan the generated text using heuristic rules, this tool measures strength directly from the generation parameters using the exact formula: entropy (bits) = length × log₂(charsetSize). Because the charset is fully determined before generation, the result is mathematically precise — not an estimate. Thresholds follow NIST SP 800-63B guidance: under 40 bits is Weak, 40–79 bits is Fair, 80–99 bits is Strong, and 100 or more bits is Very Strong. The default configuration (16 characters, all four types, 88-character combined charset) yields approximately 103 bits — comfortably Very Strong. Entropy bits are shown alongside the strength label so you can make informed decisions about length and charset.

Privacy & Speed

No data transmission — all logic runs in JavaScript inside your browser tab. Generated passwords reside only in React state (RAM) and are released when the tab is closed.
Zero latency — no network request means passwords appear in under a millisecond, even for lengths of 128 characters.
Clipboard API — the Copy button uses navigator.clipboard.writeText(), a secure async API that requires user gesture and HTTPS, preventing silent clipboard access by other scripts.

Frequently Asked Questions

Are my generated passwords sent to your server?

No. All generation happens locally in your browser using the Web Crypto API. Your passwords are never transmitted to or stored on any server.

Is this password generator truly random?

Yes. It uses crypto.getRandomValues() — the browser's CSPRNG — the same entropy source used by professional password managers, TLS certificate generation, and OS-level key derivation. This is not the statistically weak Math.random(). Rejection sampling eliminates modulo bias so every character in your chosen charset has an exactly equal probability of selection. This approach meets OWASP requirements for cryptographic randomness in password generation.

How long should a strong password be?

NIST SP 800-63B sets a minimum of 8 characters for generated passwords and strongly encourages longer values. 16 characters with all four character types produces approximately 103 bits of entropy — Very Strong by any industry standard. For high-value accounts (email, banking, your password manager master password), 20+ characters exceeds 129 bits, making brute-force computationally infeasible for any foreseeable attacker.

Is this password generator free?

Yes, completely free. No account, no sign-up, and no hidden charges.

What symbols are included?

The symbols set is: ! @ # $ % ^ & * ( ) - _ = + [ ] { } | ; : , . < > ? These are widely accepted by most websites — rarer characters like backticks or backslashes are excluded to avoid compatibility issues.

Can I generate multiple passwords at once?

Yes. Select 1, 3, 5, or 10 from the count option before clicking Generate. Each password is independently generated — they share no characters with each other.

Does it work on mobile?

Yes. The tool runs in any modern browser on any device — phone, tablet, or desktop. No app or download required.

How It Works

1. Pick your length

2. Choose what to include

3. Hit Generate

4. Copy and use it