Generate strong, cryptographically secure passwords instantly. Customize length and character sets to meet any requirements. All processing happens locally in your browser.
Time estimates: Single GPU = RTX 4090 (164 billion hashes/sec). Nation-state = 1 quadrillion hashes/sec. Based on fast hashes (MD5). Slow hashes like bcrypt are ~1 million times harder to crack.
Saved Presets is a Supporter feature.
Tool History is a Supporter feature.
Tool Notes is a Supporter feature.
Use the slider or type a number to set password length (8-128 characters). For most accounts, 16 characters is a good balance of security and usability.
Select which types of characters to include. Using all four types (uppercase, lowercase, numbers, symbols) creates the strongest passwords.
Click "Generate" to create your password(s). Check the strength indicator to ensure it meets your security needs. Regenerate if you want different options.
Click the copy button to copy your password. Store it in a password manager - never save passwords in plain text files or browser notes.
This tool uses the Web Crypto API's getRandomValues() function, which is backed by your operating system's cryptographically secure pseudo-random number generator (CSPRNG). This ensures unpredictable, uniform randomness suitable for security applications.
Build character set from selected options (uppercase, lowercase, numbers, symbols). Optionally remove ambiguous characters (O, 0, I, l, 1). Generate array of cryptographically random 32-bit integers. Map each random integer to a character in the charset using modulo. Combine characters to form the final password.
Password entropy is measured in bits and calculated as: length x log2(charset size). For example, a 16-character password using all 94 printable ASCII characters has ~105 bits of entropy. More entropy = harder to crack.
Weak (<40 bits): Crackable in seconds. Fair (40-49 bits): Crackable in hours. Good (50-59 bits): Crackable in weeks. Strong (60-79 bits): Crackable in centuries. Very Strong (80-99 bits): Crackable in millennia. Fortress (100-149 bits): Billions of years. Ludicrous (150+ bits): Mathematically impossible to crack.
Use unique passwords for each account. Never reuse passwords across sites. Store passwords in a reputable password manager. Enable two-factor authentication when available. Change passwords if a service reports a breach.
All password generation happens entirely in your browser. No passwords, settings, or any data is transmitted to our servers. Your generated passwords exist only in your browser's memory until you copy them or leave the page.
Yes, our passwords are generated using the Web Crypto API (crypto.getRandomValues()), which provides cryptographically secure random numbers. This is the same standard used by banks and security applications.
