Online Dev Tools

Developer & Security Tools for IT Professionals

Fuel The Infrastructure

Password Generator

Runs locally in your browser No account required

Last reviewed: June 6, 2026 — interactive functionality verified end-to-end; data-handling summary added.

Generate strong random passwords or memorable passphrases — entirely in your browser.

Preset:

Output

About this tool

This password generator builds each password with crypto.getRandomValues() - the browser's cryptographically secure pseudo-random number generator (CSPRNG) - so the output is suitable for real passwords, not just throwaway placeholders. Everything runs locally in your browser. No password is ever sent anywhere, logged, or stored: close the tab and it's gone. You choose the length and which character sets to include, and the tool reports the approximate entropy of what it produced.

How it works

Each character is chosen from your selected set using cryptographically secure random values drawn from crypto.getRandomValues(), not Math.random(). For every position, a random 32-bit value is mapped onto the character set to pick one character. The strength estimate shown after generation is the standard entropy formula: length × log2(set size) bits. A longer password or a larger character set both increase that number, and more bits of entropy means more guesses an attacker would need on average.

Random characters vs. passphrases

Use Random characters for passwords a manager will store and autofill — maximum entropy per character, nothing to memorize. Use Passphrase mode for the handful of secrets you actually type (a device login, a disk-encryption key, a manager's master password): several random words are easier to type and remember while still strong, because the entropy comes from picking each word at random from the list. Words are drawn from a built-in list of a few hundred short, common words using the same secure random source; entropy per word is log2(list size), so more words means a stronger phrase. The Easier / Strong / Max presets just set sensible length, word-count, and character options for the current mode — tune anything afterward. To sanity-check any result, paste it into the Password Strength Checker.

Common use cases

  • New account passwords: Generate a unique, high-entropy password for each account you create and store it in a password manager rather than memorizing it.
  • Rotating a leaked credential: When a service reports a breach or you suspect a password is compromised, generate a fresh replacement here and update it everywhere the old one was used.
  • Generating API or test secrets: Produce random tokens, seed values, or throwaway secrets for development and testing without reaching for an external service.

Common mistakes

  • Using a short password so it's memorable: If a password is short enough to memorize easily, it is usually weak. Let a password manager remember a long random one for you instead.
  • Reusing one strong password everywhere: A single strong password is still a single point of failure - one breach exposes every account that shares it. Use a different password per site.
  • Excluding symbols unnecessarily: Dropping symbols shrinks the character set and lowers entropy. Only exclude them when a specific system genuinely rejects them.

FAQ

Is this random secure enough for real passwords?
Yes - it uses the Web Crypto getRandomValues CSPRNG, not Math.random.

Is anything sent to a server?
No - generation is entirely local in your browser.

How long should a password be?
16+ random characters is strong for most uses; for something you must type, a 4-5 word passphrase from a password manager is easier and still strong.

Related tools