Password Generator

FREEUtilities

TOOLPassword Generator

100% freeNo signupRuns in your browser

About Password Generator

Cryptographically secure password generation draws randomness from the operating system's entropy pool — the same source used for TLS key generation — rather than a predictable pseudo-random algorithm. The Web Crypto API's getRandomValues() function is the browser equivalent of /dev/urandom on Linux, ensuring each character selection is statistically independent and unpredictable even to the generating machine.

How It Works

The generator builds a character pool from the selected character sets: lowercase letters (26), uppercase letters (26), digits (10), and symbols (32 printable ASCII characters). The pool size determines the per-character entropy: log2(pool_size) bits per character.

To select each character, crypto.getRandomValues() fills a Uint32Array with cryptographically random 32-bit integers. Each integer is taken modulo the pool size to pick a character. If the result would introduce modular bias (because 2^32 is not evenly divisible by the pool size), that value is discarded and a fresh random value is used — this is called rejection sampling and ensures a perfectly uniform distribution.

The strength meter calculates total entropy as length × log2(pool_size) and maps that to a crack-time estimate based on bcrypt hashing rates (modern GPUs can test ~10 billion bcrypt hashes per second).

Who Is This For

A sysadmin creating 24-character random passwords for 15 service accounts before rolling out a new internal application, without needing a locally installed tool.

A developer generating a 32-character alphanumeric API secret key to use as an environment variable in a Node.js application.

A small business owner setting up a new employee's email account and needing a strong temporary password to hand over securely.

A security consultant demonstrating password entropy concepts to a client by showing how adding symbols to a 12-character password jumps from 71 to 78 bits of entropy.

Scope note: The generator cannot guarantee the output meets specific password policy requirements (e.g., "must contain at least 2 symbols") in the first attempt — regenerate until the policy is satisfied. Passwords are not stored between page loads; save them to a password manager immediately.

How to Use

Set your desired password length (8-128 characters)

Toggle character types — uppercase, lowercase, numbers, symbols

View the strength meter and entropy bits for security assessment

Click "Generate" for a new password or "Copy" to clipboard

Frequently Asked Questions

Yes. Passwords are generated using the Web Crypto API (crypto.getRandomValues), which provides cryptographically secure random values.

Length and character variety. A 16+ character password with uppercase, lowercase, numbers, and symbols has over 100 bits of entropy — practically uncrackable.

No. Passwords are generated entirely in your browser and never sent to any server. Once you leave the page, the password is gone.

Entropy measures password unpredictability in bits. A 12-character password with all character types has about 72 bits of entropy. For accounts protecting sensitive data, aim for 80+ bits. A 20-character password with full character variety gives you roughly 128 bits — considered unbreakable by current hardware.

Passphrases (four random words like "correct-horse-battery-staple") are easier to remember and can be highly secure. Random character passwords are shorter for the same entropy level but harder to memorize. Use whichever your password manager handles best — both are strong when generated randomly.

Yes. Toggle the "Exclude ambiguous characters" option to remove characters that look similar in certain fonts — 0 (zero) vs O (capital o), l (lowercase L) vs I (capital i) vs 1 (one). This is especially useful when the password will be typed manually rather than copied.