π Password Generator
Create strong, random and secure passwords. Passwords are generated in your browser with cryptographic randomness β they never leave this page.
What is a Password Generator?
A password generator is a free tool that creates hard-to-guess, random and strong passwords based on the length and character rules you choose. The memorable passwords we tend to pick β "cat1234" or a birth date β can be cracked in minutes by dictionary and brute-force attacks. This tool mixes uppercase, lowercase, numbers and symbols to produce high-entropy passwords. Most importantly, passwords are generated entirely on your device using the browser's cryptographic random number generator, crypto.getRandomValues; no data is ever sent to a server.
How to use it
- Set the length. Use the slider to pick a length between 4 and 64 characters. At least 16 characters is recommended for most accounts.
- Choose character types. Toggle uppercase, lowercase, numbers and symbols on or off. The more types you enable, the larger the pool and the stronger the password.
- Fine-tune. If you'll type the password by hand, enable "exclude ambiguous characters" to avoid confusing I, l, 1, O and 0. You can also enable "no repeated characters" so each character is used only once.
- Generate and copy. The password refreshes automatically whenever you change an option. Use the "Copy" button to put it on your clipboard, or generate several passwords and copy the whole list at once.
Example: what makes a strong password?
A 16-character password that includes all four character types draws from a pool of about 94 characters and has roughly 105 bits of entropy. With today's hardware that is practically impossible to brute-force. By contrast, an 8-character password using only lowercase letters and digits has about 41 bits of entropy and is far weaker. The rule of thumb: increase length first, then character variety.
Tips for creating secure passwords
- Use a different password for every account. So that one leak doesn't compromise all your accounts, use a unique password per service.
- Use a password manager. Memorizing dozens of long, random passwords is impossible; a password manager stores them securely for you.
- Turn on two-factor authentication where possible. Even a strong password may not be enough on its own; 2FA adds an extra layer of security.
- Prioritize length. The biggest boost to strength comes from adding characters, more than from adding symbols.
This password generator runs entirely in your browser. The main worry with an online password generator is that the generated password could be seen over the network; there is no such risk here, because no network request is made and no password is ever stored.
Frequently Asked Questions
How does the password generator work?
Based on the length and character types you choose, a random password is created using your browser's cryptographic random number generator (crypto.getRandomValues). Rejection sampling is used to avoid modulo bias and everything happens in your browser.
Is the generated password secure? Is it stored anywhere?
Passwords are generated only in your browser, with no network connection. No password is stored or sent to a server. When you close the page, the generated passwords are gone.
How is password strength (entropy) calculated?
Strength is measured in entropy bits from the pool size and length: bits = length Γ log2(pool size). Under 60 bits is Weak, 60-80 Fair, 80-100 Strong, and over 100 bits Very strong.
What does excluding ambiguous characters do?
Look-alike characters such as I, l, 1, O and 0 are easy to confuse when typing a password by hand. This option removes them from the pool to reduce the risk of misreading.