Password Generator
Generate strong passwords in your browser. Pick length, mix in uppercase/digits/symbols, optionally exclude ambiguous characters (0/O, 1/l/I), and see live entropy estimates. Cryptographically secure — uses crypto.getRandomValues(). Nothing leaves your machine.
Entropy = strength
A password's strength is its entropy: length × log₂(charset_size). Aim for 80+ bits for online accounts, 100+ for high-value secrets.
k9!Xz2#mQ4&LpV8
↑ 16 chars, all 4 charsets ≈ 104 bits of entropy — strong
12345678 → 26 bits — useless
correct horse battery staple
↑ 4 words × 14 bits ≈ 56 bits

< 40 bits → crackable in seconds
40-60 bits → online attacks
60-80 bits → offline-safe today
80-100 bits → safe medium-term
> 100 bits → safe for decades
What you'll use this for
Password manager entries
16-character mixed-charset passwords for any account — 1Password, Bitwarden, etc.
Server / DB passwords
Long, symbol-rich passwords for service accounts. Paste once into the secrets store.
Wi-Fi passphrases
Disable ambiguous chars so guests can type it from a printed card without confusion.
Rotation
Bulk-generate when rotating credentials across a fleet of services.
How to generate strong passwords
Set length
16 is a good default. Use 20+ for sensitive accounts. Anything below 12 is risky.
Toggle charsets
Enable lower, upper, digits, symbols. More charsets = higher entropy per character.
Exclude ambiguous?
Turn on if humans will type the password — drops 0/O, 1/l/I.
Copy and store
Click copy, then paste into your password manager. Never email passwords.
Frequently asked questions
For mixed-charset passwords stored in a manager, 16 characters gives over 80 bits of entropy. NIST 800-63B recommends a minimum of 64 bits of entropy.
Yes. Generated with crypto.getRandomValues() — the same RNG the browser uses for TLS. Never use Math.random() for passwords; it's predictable.
No. Everything runs in your browser. No network calls happen during generation. Look at the page source if you want to verify.
Only if someone will type the password by hand (Wi-Fi passphrases, sticky-note creds). For password-manager use, leave it off — every character of entropy counts.
Yes. No signup, no limits, no ads. Generation happens entirely in your browser via the Web Crypto API.
About strong passwords
A strong password is random and long. Memorability isn't a goal — that's what a password manager is for.
Entropy guidelines (NIST 800-63B)
- ≥ 64 bits — minimum for any password.
- 80 bits — comfortable margin for most accounts.
- 100+ bits — high-value secrets (encryption keys, root accounts).
Charset sizes
- Lowercase only: 26 (4.7 bits/char)
- + Uppercase: 52 (5.7 bits/char)
- + Digits: 62 (5.95 bits/char)
- + Symbols: ~95 (6.55 bits/char)
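An added example, not the tool's own source: one way to implement the generation described on this page. Each character is drawn with crypto.getRandomValues() using rejection sampling, so every character of the alphabet is equally likely, and the estimate is length × log₂(charset_size). The function names and the 32-character symbol set are assumptions.

```javascript
// Added example with assumed names and charsets; not the tool's own code.
// Browser: globalThis.crypto. Older Node without the global falls back to webcrypto.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const CHARSETS = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  // Assumption: the 32 printable ASCII punctuation characters (26+26+10+32 = 94).
  symbols: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
};
const AMBIGUOUS = new Set("0O1lI"); // the 0/O and 1/l/I groups named on the page

function buildAlphabet(enabled, excludeAmbiguous) {
  const chars = enabled.map((name) => CHARSETS[name]).join("");
  return [...chars].filter((c) => !(excludeAmbiguous && AMBIGUOUS.has(c)));
}

// Uniform integer in [0, n) by rejection sampling. Bytes >= limit are thrown
// away, because `byte % n` alone favours low indices whenever 256 % n != 0.
function uniformIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do rng.getRandomValues(buf); while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, enabled, excludeAmbiguous = false) {
  const alphabet = buildAlphabet(enabled, excludeAmbiguous);
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError("alphabet must contain 2..256 characters");
  }
  let out = "";
  for (let i = 0; i < length; i++) out += alphabet[uniformIndex(alphabet.length)];
  return out;
}

// Entropy of a uniformly random password: length × log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

const all = ["lower", "upper", "digits", "symbols"];
const bits = entropyBits(16, buildAlphabet(all, false).length);
console.log(generatePassword(16, all), bits.toFixed(1), "bits");
```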
Tips
- Use a password manager — every account gets a unique generated password.
- Enable 2FA wherever possible; it backstops password leaks.
- Never reuse passwords across sites — credential stuffing is the #1 attack today.