Password Generator
Create high-entropy passwords resistant to brute-force and dictionary attacks. Supports up to 64 characters with customizable character sets.
Uses crypto.getRandomValues(). No data leaves your browser.
How to Use This Tool
Set your desired password length using the length input. Longer passwords are exponentially harder to crack — use at least 16 characters for accounts, 24+ for service accounts and API credentials.
Select which character types to include: uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), and special symbols (!@#$...). Including all four character types maximizes entropy.
Click "Generate" to produce a password using your browser's cryptographically secure random number generator. Copy it to your password manager immediately — do not store it in plaintext.
Code Examples
const crypto = require('crypto');
function generatePassword(length = 24, charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*') {
let password = '';
const randomBytes = crypto.randomBytes(length);
for (let i = 0; i < length; i++) {
password += charset[randomBytes[i] % charset.length];
}
return password;
}
console.log(generatePassword(24));Frequently Asked Questions
How long should a password be?
At minimum, 12 characters for personal accounts and 20+ characters for service accounts, API credentials, and database passwords. Length is the single most important factor — a 20-character random password is far stronger than a 10-character one with all character types. Use 32+ characters for anything that doesn't need to be memorized.
Should I use symbols in passwords?
Yes, when the service allows it. Including uppercase, lowercase, numbers, and symbols increases the character set size, making brute-force attacks harder. If a service restricts symbols, compensate by using a longer password.
Is a browser-generated password as secure as one from a dedicated password manager?
Yes — this tool uses crypto.getRandomValues() (the same Web Crypto API used by password managers like Bitwarden's web vault) to generate truly random passwords. The difference is that password managers also store and autofill passwords securely. Use this tool to generate the password, then store it in your password manager.
What is the "exclude similar characters" option?
This option removes visually ambiguous characters like 0 (zero) and O (capital letter o), 1 (one) and l (lowercase L), and I (capital i). Useful when the password will be typed by hand rather than copy-pasted. It slightly reduces entropy, so prefer longer passwords when using this option.