๐Ÿ›ก๏ธ

Password Generator

Generate cryptographically strong passwords using crypto.getRandomValues. Never leaves your browser.

Settings
Length: 20
43264128
Custom charset (overrides above):
Generated Password
click to copy
0
Length
0
Charset
0 bit
Entropy
โ€”
Crack time

About Password Generator

This tool generates passwords using crypto.getRandomValues() โ€” the browser's cryptographically secure random number generator. You can configure length from 4 to 128 characters, choose which character sets to include (uppercase, lowercase, digits, symbols), exclude visually ambiguous characters, and even supply a fully custom charset.

Every password is generated entirely client-side and never transmitted anywhere. The entropy display and estimated crack time help you understand exactly how strong each output is relative to a modern brute-force attacker running a trillion guesses per second.

Common Use Cases

How to Use

  1. Drag the Length slider or type a number directly โ€” the password regenerates automatically
  2. Check or uncheck character set options; enable "Exclude ambiguous" to remove characters like 0, O, l, and I
  3. Click the generated password or the Copy button to copy it to your clipboard
  4. Use ร—5, ร—10, or ร—20 to generate a list of unique passwords at once, then copy all with one click

Frequently Asked Questions

What does "entropy" mean and why does it matter?

Entropy (measured in bits) quantifies how unpredictable a password is. It is calculated as length ร— logโ‚‚(charset size). A 20-character password drawn from all four character sets has roughly 131 bits of entropy โ€” meaning an attacker would need to try 2ยนยณยน combinations on average to crack it by brute force, which is computationally infeasible even with nation-state resources. Aim for at least 80 bits for personal accounts and 128+ bits for long-lived secrets.

Is it safe to generate passwords in a browser?

Yes, provided the page itself is trustworthy and your device is not compromised. This tool uses the same OS-level CSPRNG that security libraries use, generates everything locally, and makes no network requests. You can verify this by opening DevTools โ†’ Network and generating โ€” you will see zero outbound requests triggered by the generator logic.

What is the custom charset option for?

Some services enforce specific password policies that allow only a subset of symbols, or require special characters from a restricted list. The custom charset field lets you type exactly the characters you want to draw from, overriding the checkboxes entirely. For example, entering abcdefABCDEF0123456789 produces hex-only passwords useful for certain API token formats.

Advertisement