Generate strong, unique passwords instantly. Runs entirely in your browser — nothing is sent or stored.
A cryptographically random mix of characters — the highest possible security. Best used with a password manager so you never have to remember it.
A sequence of random words that is easy to recall but hard to crack. Ideal for master passwords, device logins, or anywhere you need to type it from memory.
Already have a password? Paste it here to instantly see its entropy score, estimated crack time, and whether it is strong enough to trust. Nothing leaves your device.
A 16-character random password is exponentially harder to crack than an 8-character one with symbols. Every extra character multiplies the search space. Aim for at least 16 characters for important accounts.
Predictable patterns — keyboard walks like qwerty123, substitutions like p@ssw0rd — are the first thing attackers try. True randomness, generated by your browser's cryptographic API, is what makes a password unguessable.
When a site is breached, attackers test leaked passwords against every other service you use. A unique password per account limits the blast radius of any single breach to just that one account.
You don't need to memorise dozens of random passwords. A password manager stores them all behind one strong master password. Use the Memorable mode here to generate a master password you can actually remember.
For most accounts, 16 characters is a practical minimum. At 16 characters with mixed character types, a password has over 100 bits of entropy — enough to take billions of years to crack at 1 trillion guesses per second. For highly sensitive accounts like banking or email, 20+ characters is recommended. Passphrases of 4–6 random words are also highly secure and far easier to type.
A random password uses a mix of letters, numbers, and symbols drawn from a pool of characters — very high entropy per character but hard to remember. A passphrase strings together several random words, producing high entropy through length rather than complexity. Both are strong when generated randomly. Passphrases are better for passwords you must memorise; random passwords are better for everything stored in a password manager.
Yes — this tool uses window.crypto.getRandomValues(), the browser's built-in cryptographic random number generator, which is the same standard used in security software and operating systems. Crucially, all generation happens locally in your browser. No password is ever transmitted to a server, logged, or stored anywhere. You can even disconnect from the internet and the tool will still work.
Entropy, measured in bits, describes how unpredictable a password is. Each bit doubles the number of possible passwords an attacker must try. A password with 40 bits of entropy has about 1 trillion possible values; one with 80 bits has over 1 septillion. As a rule of thumb: under 40 bits is weak, 60–80 bits is good, and 100+ bits is considered extremely strong against brute-force attacks even with future hardware.
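The generation and entropy arithmetic described above, as an added example (not this tool's own code). The character set, the 16-word list, and all function names are assumptions made for illustration. It draws from crypto.getRandomValues() with rejection sampling, so every character or word is equally likely, then computes entropy as picks × log2(pool size).

```javascript
// Added example: charset, word list and function names are illustrative assumptions.
// Browsers and current Node expose globalThis.crypto; older Node needs the fallback.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Uniform integer in [0, n) via rejection sampling. A plain `value % n`
// over-represents low results whenever n does not divide 2^32.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) throw new RangeError("bad range");
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Pick `count` independent items from `pool` (characters or words).
function pick(pool, count) {
  return Array.from({ length: count }, () => pool[randomIndex(pool.length)]);
}

// Entropy in bits of `count` uniform, independent picks from a pool of `poolSize`.
function entropyBits(poolSize, count) {
  return count * Math.log2(poolSize);
}

// Average years to find the secret (half the search space) at a given guess rate.
function yearsToCrack(bits, guessesPerSecond) {
  return Math.pow(2, bits - 1) / guessesPerSecond / (365.25 * 24 * 3600);
}

// 94 printable ASCII characters, '!' (0x21) through '~' (0x7e).
const CHARSET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i));
// Constructed 16-word list (4 bits per word) for illustration only; a real
// 7776-word list gives about 12.9 bits per word.
const WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor",
  "indigo", "jasper", "kelp", "lunar", "maple", "nectar", "onyx", "pebble"];

function generatePassword(length = 16) { return pick(CHARSET, length).join(""); }
function generatePassphrase(words = 5) { return pick(WORDS, words).join("-"); }

console.log(generatePassword(), entropyBits(CHARSET.length, 16).toFixed(1), "bits");
console.log(generatePassphrase(), entropyBits(WORDS.length, 5).toFixed(1), "bits");
console.log(yearsToCrack(entropyBits(94, 16), 1e12).toExponential(1), "years at 1e12/s");
```

The entropy figure holds only because each pick is uniform and independent; a password a person chose has far less entropy than its length and character mix suggest.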
Yes — a password manager is the single most effective security improvement most people can make. It lets you use a unique, randomly generated password for every account without memorising any of them. You only need to remember one strong master password. Use the Memorable Passphrase mode on this page to generate a master password you can actually remember.