Secure Password Generator
Secure Password Generator
Create cryptographically random passwords and passphrases locally in your browser.
Private by design: Web Crypto only, no network submission.
Choose a format
15+ characters is the safer baseline for a password used by itself.
Advanced and batch settings
Generated secret
Very strong · 154.2 bits
Choose valid settings to generate a result.Result
0passwords
0 characters across a 90-character set. Selected classes are guaranteed.
Use it safely
- Use a unique password for every account and store it in a password manager.
- Enable multi-factor authentication where available.
- Clipboard contents may remain available to other apps after copying.
How the strength estimate works
Entropy is calculated from this generator's valid output space. Under an illustrative offline attack averaging 10 billion guesses per second, the midpoint search time is about 10^28 years. Real risk depends on server hashing, breaches, reuse, phishing, and account protections; this is not a breach prediction.
Flow
- Select one or more character classes.
- Sample the full password with Web Crypto.
- Reject and resample only when a selected class is missing.
- Calculate entropy from the same valid output space used by generation.
Example
Worked example: 20-character password
- 1 Choose the Recommended 20 preset.
- 2 The tool samples locally until every selected character class is present.
- 3 Copy the masked result into your password manager without needing to reveal it.
A unique 20-character password is generated with Web Crypto and no server submission.
How
- Choose Random password or Passphrase.
- Use the recommended preset or adjust length and allowed characters.
- Copy the result directly into a password manager, then clear the generated secret.
Cases
- Create a unique password for a personal or work account.
- Generate a long secret for a password manager.
- Produce private test credentials or a local batch for QA.
Avoid
- Selecting no character classes before generation.
- Using fewer than 15 characters for a password that is the only authentication factor.
- Reusing a generated password across accounts or leaving it in clipboard history.
FAQ
How long should a generated password be?
For a password used as a single authentication factor, current NIST guidance sets a 15-character minimum. Longer unique passwords remain safer, especially when a site limits character variety.
Does the generator guarantee selected character classes?
Yes. It uses rejection sampling so every accepted password contains each selected class while remaining uniform across the valid output space.
Are generated passwords stored or sent to a server?
No. Generation runs locally with Web Crypto, output is masked by default, and this tool does not add generated secrets to its result-history component.
Switch
Switch12
No match.