Password Generator

Create strong, random passwords with adjustable length, lowercase, uppercase, digit and symbol sets, and ambiguous-character filtering, all in your browser.

Loading tool…

Password GeneratorGenerate strong, random passwords with full control over length, character sets, and how many you make at once. Pick lowercase, uppercase, digits and symbols, optionally drop look-alike characters, and read the entropy of each result in bits. Every password is generated locally with the Web Crypto API (crypto.getRandomValues) and never leaves your browser.

What is Password Generator?

The Password Generator is a free online tool that builds strong, unpredictable passwords for any login, database account, API key, or Wi-Fi network. Set the length anywhere from 4 to 128 characters with the slider or number field, then toggle which character sets to include: lowercase, uppercase, digits, and symbols. Turn on Exclude ambiguous characters to drop look-alikes like 0/O and 1/l/I so passwords are easier to type and read aloud. Generate up to 50 at once, copy any single value or the whole list, and check the live entropy readout in bits to judge strength. Randomness comes from the Web Crypto API's crypto.getRandomValues using rejection sampling, so there is no modulo bias and every character is uniformly chosen.

How to use Password Generator

  1. Set the password length with the slider or the number field (4 to 128 characters).
  2. Open the settings (gear) and choose which character sets to include: lowercase, uppercase, digits, and symbols.
  3. Optionally tick Exclude ambiguous characters to remove look-alikes such as 0, O, l, 1 and I.
  4. Enter how many passwords you want in the Count field (1 to 50).
  5. Click Generate to mint a fresh batch; watch the Entropy and Strength stats update as you change options.
  6. Copy a single password with its row button, or use the copy button by the list to grab them all.

Examples

16-character all-sets password

Length 16 with lowercase, uppercase and digits on produces a value like k7Rm2Qp9xZ4nVb3T with around 95 bits of entropy, shown as Very strong. The exact value is random every time you click Generate.

Symbols on for a high-strength secret

Turn on Symbols and set length 24 to include characters like !@#$%^&* . Entropy climbs past 150 bits, suitable for a root account or a long-lived API secret that should resist brute-force attacks.

Readable PIN-style batch without look-alikes

Tick Exclude ambiguous characters, keep digits and lowercase, set Count to 10 and Generate. You get ten easy-to-read passwords with no 0/O or 1/l/I confusion, handy for handing out temporary credentials.

Frequently asked questions

Is the password generation secure and unbiased?
Yes. Each character is drawn from the Web Crypto API's crypto.getRandomValues, a cryptographically secure random source, using rejection sampling instead of a plain modulo, so there is no statistical bias toward any character in the pool.
What is the entropy number in bits?
Entropy estimates how hard the password is to guess: it equals the length times the base-2 logarithm of the size of your character pool. More character sets and greater length raise the bits; roughly 40 bits is weak, 64 fair, 100 strong, and above that very strong.
What does Exclude ambiguous characters do?
It removes characters that are easy to confuse when read or typed, such as the digit 0 versus the letter O, and 1 versus lowercase l versus uppercase I. The passwords stay random but become easier to copy by hand or read aloud.
How long and how many passwords can I make?
Length ranges from 4 to 128 characters, and you can generate from 1 up to 50 passwords in a single batch. Values outside those ranges are clamped before generating.
Are my passwords sent to a server?
No. Every password is generated entirely in your browser with the Web Crypto API. Nothing is uploaded, logged, or stored on any server, so the tool works offline and your secrets stay private.

Related tools

AES Text Encryption (AES-GCM + PBKDF2)

Encrypt and decrypt text with AES-256-GCM using a passphrase-derived key (PBKDF2 SHA-256, random salt), entirely in your browser with no uploads.

HMAC Generator

Compute an HMAC signature from any message and a secret key using SHA-1, SHA-256, SHA-384 or SHA-512, with hexadecimal or Base64 output, live in your browser.

JWT Tools — Decode, Verify & Sign

Decode JWTs, verify HS, RS and ES signatures with a secret or PEM public key, and sign new HS tokens — all entirely in your browser.

TOTP Generator

Turn a base32 secret into a live TOTP two-factor authentication code with a chosen 6 or 8 digit length and time period, entirely in your browser.