Password Generator Online — Secure Random Passwords
Generate strong, cryptographically random passwords online. Choose length and character sets. Free, browser-based.
Weak passwords are one of the most common causes of account compromise. This tool generates cryptographically secure random passwords using the browser's Web Crypto API (crypto.getRandomValues), which produces true random numbers suitable for security purposes. You can configure the password length (8 to 128 characters) and which character sets to include. A password strength indicator shows the estimated strength of the generated password.
How to use
- Use the slider to set the desired password length (8–128 characters). Enable the character sets you want to include.
- Click 'Generate Password' to create a cryptographically random password.
- Click 'Copy' to copy the password to clipboard. Generate as many times as you like.
FAQ
Is the password generator truly random?
Yes. The password is generated using crypto.getRandomValues(), which is the browser's cryptographically secure pseudorandom number generator (CSPRNG). This is the same source of randomness used for cryptographic operations in the browser. It is seeded by the operating system's entropy sources and produces unpredictable, high-quality random numbers suitable for generating security credentials.
What makes a password strong?
Password strength is determined by the number of possible passwords (the search space). A longer password from a larger character set is exponentially harder to guess. A 16-character password using uppercase, lowercase, numbers, and symbols has a search space of 95^16 ≈ 4×10^31 combinations — at a rate of 10 billion guesses per second, it would take billions of years to crack by brute force. The strength indicator shows Weak, Fair, Strong, or Very Strong based on length and character variety.
How is the password strength calculated?
Strength is estimated from the password's entropy: the number of bits needed to represent the search space (log2 of the number of possible passwords). Entropy below 40 bits is Weak, 40-59 bits is Fair, 60-79 bits is Strong, and 80+ bits is Very Strong. This is a mathematical estimate of brute-force resistance and does not check against dictionaries of common passwords.
Should I include symbols in my password?
Yes, if the service supports it. Adding symbols expands the character set from 62 characters (uppercase + lowercase + digits) to 94 characters, multiplying the number of possible passwords by ~1.5 per character. Some systems do not support all symbol characters in passwords, which is why symbols are optional. If a site rejects your generated password, try regenerating without symbols.
What symbols are included?
The symbols character set includes: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | ; ' : , . / < > ?. This covers the most commonly used symbol characters in passwords. Some special characters like backtick, backslash, double quote, and space are excluded as they may cause issues in certain contexts (shell scripts, config files, copy-paste).
Is the generated password stored anywhere?
No. The password exists only in your browser's memory and is displayed on screen. It is never sent to any server, never logged, and never stored. When you navigate away from the page or close the tab, the password is gone. Copy it immediately to a password manager.