Cryptographically random passwords. Everything runs in your browser — nothing is sent or stored.
Adjust the length slider (8–64 characters) and select which character sets to include: uppercase A–Z, lowercase a–z, numbers 0–9, and symbols. Optionally enable 'Exclude ambiguous' to remove characters like 0, O, l, I, and 1 that are hard to distinguish visually. The tool auto-generates a new password whenever any option changes, using crypto.getRandomValues() for cryptographic randomness. The strength meter scores the password on 6 criteria. Nothing is sent to any server.
At least 12 characters for personal accounts and 16 or more for sensitive accounts. A 16-character mixed-case password with numbers and symbols provides over 100 bits of entropy, making brute-force attacks infeasible.
Characters like 0, O, l, I, and 1 look nearly identical in many fonts. Excluding them prevents transcription errors when typing a password manually — for example into a TV or a device that cannot paste from clipboard.
Yes. The tool uses crypto.getRandomValues(), which draws entropy from the OS hardware pool. Unlike Math.random(), which is deterministic, crypto.getRandomValues() is unpredictable and safe for generating secrets.
Strength is scored on 6 criteria: length ≥ 10, length ≥ 14, contains uppercase, lowercase, digits, and symbols. Each adds one point. 6 = Very Strong, 0 = Very Weak.
More free tools