Password Generator
The password generator creates cryptographically random passwords using your browser's secure random number API. Choose the length (8-64 characters), select which character types to include — uppercase, lowercase, numbers, and symbols — and generate one or multiple passwords at once. A visual strength meter rates each password and tells you why a long, mixed-character password is dramatically harder to crack than a short one.
How to Use
- Choose a password length. Twelve characters is a reasonable minimum, while sixteen or more is better for important accounts.
- Select the character types allowed by the website or app where the password will be used.
- Enter how many passwords you want to generate, from one to ten.
- Click Generate Passwords and review the strength meter below each result.
- Use the Copy button to place a password on your clipboard, then store it in a password manager.
Password Strength Formula
Entropy increases when length and character variety increase.
Password strength is mainly about search space. If a password uses only lowercase letters, each character has 26 possible values. If it uses uppercase, lowercase, numbers, and symbols, each character can have many more possible values. The number of combinations grows exponentially with length. A 12-character password is not merely twice as strong as a 6-character password; it can be many millions or billions of times harder to brute force depending on the character set.
This generator uses crypto.getRandomValues() when available, which is the browser API intended for cryptographic randomness. That matters because predictable randomness can produce passwords that are easier to guess. The strength meter is a practical guide based on length and character variety. It is not a full security audit because it does not check whether the password appeared in a breach, whether a website stores passwords safely, or whether you reuse the same password elsewhere. For real account security, uniqueness is as important as complexity.
How Long to Crack a Password
| Password length | Characters | Time to crack at 10 billion guesses/sec |
|---|---|---|
| 6 chars | Lowercase only | Instantly |
| 8 chars | Lowercase only | 5 seconds |
| 8 chars | Mixed case + numbers | 8 hours |
| 12 chars | Mixed case + numbers | 300 years |
| 16 chars | All character types | 1 trillion years |
| 20 chars | All character types | Far exceeds universe age |
Good Password Practice
A strong password should be long, random, unique, and stored safely. Long matters because brute force attacks scale with the number of possible combinations. Random matters because human-created passwords often follow patterns such as names, dates, keyboard paths, sports teams, and simple substitutions. Unique matters because a password leaked from one website should not unlock your email, bank, or work account. Storage matters because even a strong password is risky if it is saved in a plain text note, sent in chat, or reused across shared devices.
Password managers solve much of this problem. They can create a different long random password for every site, fill it when needed, and protect the vault with one strong master password plus multi-factor authentication. For accounts that support passkeys, hardware security keys, or authenticator apps, enable them. Also be cautious with password rules that limit length or reject common symbols; if a site allows only short passwords, compensate with multi-factor authentication and avoid reusing that password anywhere else.
FAQ
What makes a password strong?
A strong password is long, unpredictable, and unique. Length is the biggest factor because every extra character multiplies the number of combinations an attacker must try. Randomness prevents attackers from guessing patterns such as names, birthdays, keyboard paths, or common substitutions like zero for O. Uniqueness prevents one breached website from compromising other accounts. A 16-character random password with mixed character types is much stronger than a short clever-looking password. For best results, generate passwords with a secure random source and store them in a password manager.
How often should I change my passwords?
You should change a password immediately if it was reused, shared, exposed in a breach, typed on an untrusted device, or suspected of being compromised. Routine forced changes every few weeks are no longer considered best practice for many users because they encourage weaker patterns. A long unique password stored in a password manager can remain valid unless there is a reason to replace it. For high-risk work accounts, follow your organization's security policy, especially if it includes multi-factor authentication and breach monitoring.
Should I use a password manager?
Yes, a password manager is strongly recommended for most people. It lets you use a different random password for every account without memorizing them all. This protects you from credential stuffing, where attackers take a leaked password from one site and try it on many others. A good password manager can also identify reused, weak, or breached passwords and help fill logins securely. Protect the password manager itself with a strong master password and multi-factor authentication. Keep recovery options updated so you do not lose access.
What is a passphrase?
A passphrase is a password made from several words, often with separators or extra characters. A well-chosen passphrase can be easier to remember than a random symbol-heavy password while still being strong if it is long and unpredictable. For example, four or five random words can create a large search space. Avoid famous quotes, song lyrics, personal facts, or predictable phrases. Passphrases are especially useful for a master password that you must remember. For individual websites, generated random passwords stored in a manager are usually better.
Is it safe to use an online password generator?
An online password generator is safer when it runs entirely in your browser and does not send generated passwords to a server. This page generates passwords locally using browser JavaScript and the secure random API where available. Even so, use good judgment: avoid unknown pages that load suspicious scripts, advertisements that mimic copy buttons, or websites that ask you to create an account before showing a password. For maximum security, a trusted password manager's built-in generator is often the best choice because it creates and saves the password in one workflow.