Password Generator

The generator uses your browser's built-in cryptographic random number generator (the Web Crypto API) to select characters from the character sets you enable. This is the same source of randomness used by security-focused applications, making it far more unpredictable than Math.random(). No password is ever sent to or stored on a server.

A strong password is long (at least 16 characters) and uses a mix of uppercase letters, lowercase letters, numbers, and symbols. Length is the most important factor — each additional character multiplies the number of possible combinations exponentially. A 20-character password mixing all character types has trillions of times more combinations than a 10-character one.

For most accounts, 16 characters is a good minimum. For highly sensitive accounts like banking or email, use 20 or more characters. If you use a password manager (recommended), password length is not a usability problem — you never need to type or remember the password yourself.

This generator is safe because all processing happens in your browser using the Web Crypto API — no data is transmitted anywhere. You can even disconnect from the internet before generating a password for extra peace of mind. Avoid generators that require you to submit a form or that show a loading spinner, as those may be processing passwords server-side.

Yes, strongly recommended. A password manager lets you generate and store a unique, strong password for every account without needing to remember any of them. This prevents the most common security mistake: reusing the same password across multiple sites. Popular options include Bitwarden (free, open source), 1Password, and KeePass.