Password Generator
Generate strong, random passwords with custom rules.
This tool is for informational and educational purposes only. It is not a substitute for professional financial, medical, legal, or engineering advice. See Terms of Service.
Can't find what you need?
Request a ToolHow to Use the Password Generator
Adjust the settings and click Generate Password (or the page generates one automatically). Here is what each option does:
- Length. Drag the slider to set your password length from 4 to 128 characters. Longer passwords are always stronger. 16 characters is a good minimum for accounts that matter.
- Character sets. Check or uncheck Uppercase, Lowercase, Numbers, and Symbols. Every enabled set is guaranteed to appear at least once in the generated password.
- Strength score. The strength label (Weak / Fair / Strong / Very Strong) is based on entropy in bits. Entropy measures how many possible combinations exist for a password of that length and character pool size.
- Copy. Click Copy to copy just the password to your clipboard, then paste it into your password manager or account settings.
About Password Security
Entropy is calculated as log2(poolSize^length). A 16-character password using all four character sets (94 possible characters) has about 105 bits of entropy, which is effectively uncrackable with current hardware even using a brute-force attack. A 12-character password with only lowercase letters (26 characters) has about 56 bits, which is marginal and can be cracked in days with a GPU cluster. The minimum recommendation from NIST (SP 800-63B) is 8 characters with no composition requirements, but in practice 12 or more characters with mixed character sets is safer. Generated passwords never leave your browser: the generation uses the Web Crypto API's cryptographically secure random number generator.
Frequently Asked Questions
How long should a password be?
NIST recommends a minimum of 8 characters, but security professionals recommend 12 to 16 characters for most accounts and 20 or more for high-value accounts like email, banking, and password managers. Length is the most important factor: a random 16-character lowercase password is harder to crack than a 10-character mixed-case password with symbols.
What is password entropy?
Entropy measures the unpredictability of a password in bits. It is calculated as log2(pool size raised to the power of password length). A password with 50 bits of entropy means an attacker would need to try about 2^50 (roughly 1 quadrillion) combinations to guarantee finding it. At 100 billion guesses per second (modern GPU speed), that takes about 117 days. At 70 bits, it takes millennia.
Is this password generator secure?
Yes. This generator uses the Web Crypto API (crypto.getRandomValues) in supporting browsers, which provides cryptographically secure random numbers. Generated passwords are never transmitted to any server. The generation code runs entirely in your browser, and the password only exists in your browser's memory until you copy it and close the tab.
Should I use a password manager?
Yes. A password manager (such as Bitwarden, 1Password, or KeePass) lets you generate and store unique random passwords for every account without needing to remember them. This is far safer than reusing passwords or using weak passwords you can memorize. Generate a password here, copy it, and paste it directly into your password manager when creating or updating an account.