Password Generator

Generate strong, random passwords with entropy score and crack time estimate.

Ad · 728×90
Length
16 128
Character Types
Options
Click Generate
Entropy
bits
Online (throttled)
Offline (fast hash)
Offline (GPU array)
Bulk Generate
Click "Generate all" to create multiple passwords at once.
Ad · Responsive

What is a Password Generator?

A password generator creates random passwords by combining characters from a pool you define — uppercase letters, lowercase letters, numbers, and symbols. Because the passwords are random rather than based on words or patterns, they are far more resistant to brute-force and dictionary attacks than passwords humans invent themselves.

This generator uses the browser's Web Crypto API (crypto.getRandomValues()) to produce cryptographically secure random numbers — the same standard used in security software. Your passwords are generated locally and never sent to any server.

What is Password Entropy?

Entropy measures how unpredictable a password is, expressed in bits. The formula is log₂(pool size) × length. A 16-character password using all four character types draws from a pool of 94 characters, giving log₂(94) × 16 ≈ 104 bits of entropy.

The crack time estimates show how long it would take to exhaust all possible combinations at three attack speeds: a throttled online login (100 guesses/second), a fast offline hash (10 billion/second), and a large GPU array (100 trillion/second). Even at GPU-array speed, a 128-bit password would take longer than the age of the universe to crack.

How to Use

  1. Set your desired password length using the slider (default: 16 characters).
  2. Toggle the character types you want to include. Using all four gives the strongest passwords.
  3. Optionally enable Exclude ambiguous characters to avoid characters like 0 O 1 l that are hard to distinguish visually — useful for passwords you type manually.
  4. Click Generate Password. The entropy score and crack time estimates update immediately.
  5. Click the 📋 button or anywhere on the password to copy it.
  6. Use Bulk Generate to create up to 20 passwords at once — each with its own copy button.

Frequently Asked Questions

For most accounts, 16 characters using all four character types gives ~104 bits of entropy — far beyond what any current attack can crack in a reasonable timeframe. For high-value accounts (banking, email, password manager master password), use 20–32 characters. If you use a password manager, there's no reason not to use 32+ characters everywhere since you never need to type them. Length matters more than complexity — a 20-character lowercase-only password has more entropy than a 10-character mixed-case one.

Yes. This tool uses crypto.getRandomValues(), part of the Web Crypto API built into all modern browsers. This generates cryptographically secure random numbers seeded from the OS's entropy pool — the same approach used by security tools and password managers. It is not the same as Math.random(), which is pseudorandom and unsuitable for security purposes.

Never. Even a perfect password becomes a liability when reused, because credential stuffing attacks take breached passwords from one site and automatically try them on others. When a site is breached (and breaches happen constantly — check haveibeenpwned.com), every account using that password is compromised. Use a unique password for every account. A password manager makes this effortless.

A random 16-character password like K7#mP2xQnR$vL9wZ is cryptographically strong but impossible to remember. A passphrase like "correct-horse-battery-staple" (four random common words) is weaker per character but often has comparable entropy while being memorisable. For passwords stored in a password manager, use maximum-strength random passwords. For your password manager's master password — the one you must memorise — a long passphrase is often the better choice.

No. Every password is generated locally in your browser using JavaScript. Nothing is sent to any server, stored in any database, or logged in any way. You can verify this by opening your browser's DevTools Network tab — you'll see zero outbound requests when generating passwords. The only network requests on this page are loading Bootstrap CSS/JS from a CDN and the page itself.
🆔 UUID Generator Generate v1 & v4 UUIDs in bulk 🎲 Random Name Picker Pick a random name from your list 🔄 Base64 Encoder Encode & decode Base64 strings 📄 JSON Formatter Format and validate JSON instantly 📊 Word Counter Count words, characters and reading time 🪙 Coin Toss Flip a fair virtual coin
Ad · Responsive