Password Generator
Generate cryptographically random passwords and passphrases with real entropy scores and estimated crack time (e.g., "2 billion years at 10B guesses/second"). Customize length, character sets, and exclusions. Bulk-generate up to 100 passwords at once and export as a QR code. 100% browser-based — generated passwords are never sent to any server, ever. No signup.
What Makes a Strong Password?
A strong password combines length, randomness, and character diversity to maximize the number of possible combinations an attacker must try. The most important factor is length — each additional character multiplies the total combinations exponentially.
Using a password manager with randomly generated passwords is the gold standard for security. Never reuse passwords across accounts, and enable two-factor authentication (2FA) wherever possible.
Password vs Passphrase
| Feature | Password | Passphrase |
|---|---|---|
| Format | xK9#mP2$qL7! | Correct-Horse-Battery-Staple |
| Memorability | Difficult to remember | Easier to remember |
| Typing Speed | Slow (mixed case, symbols) | Faster (natural words) |
| Entropy (typical) | ~80-100 bits (16 chars) | ~44-55 bits (4-5 words) |
| Best For | Password managers, system accounts | Master passwords, manual entry |
| Weakness | Hard to type on mobile | Longer strings needed for equal entropy |
How to Use — 3 Simple Steps
Configure Your Settings
Choose Password or Passphrase mode. Adjust the length, toggle character types on/off, and enable options like excluding ambiguous characters or preventing duplicates.
Review Strength Analysis
Check the strength meter, entropy bits, and estimated crack time. Aim for at least “Strong” (80+ bits of entropy) for important accounts.
Copy & Use
Click Copy to copy your password to the clipboard. Use Bulk mode to generate multiple passwords at once, or check the QR code to scan on another device.
Understanding Entropy
Entropy measures password randomness in bits. It is calculated as log2(charset_size ^ length), which simplifies to length × log2(charset_size). A password with 80 bits of entropy has 2^80 (about 1.2 × 10^24) possible combinations.
| Entropy Range | Strength | Example | Crack Time* |
|---|---|---|---|
| < 28 bits | Very Weak | 4-char lowercase | Instant |
| 28 – 35 bits | Weak | 6-char letters only | Seconds |
| 36 – 59 bits | Fair | 8-char mixed, no symbols | Hours to weeks |
| 60 – 79 bits | Good | 12-char all types | Years |
| 80 – 99 bits | Strong | 16-char all types | Millions of years |
| 100+ bits | Very Strong | 20+ char all types | Beyond heat death of universe |
* Estimated at 10 billion guesses per second (advanced GPU cluster)
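The entropy formula and the table's bands and guess rate, worked through in code. This is an added example, not this tool's own source; the function names are hypothetical, and the crack time is assumed to be a worst-case exhaustive search of the whole space (the average is half of that).

```javascript
// Added example: entropy, strength band and worst-case crack time for a
// secret whose symbols are each drawn uniformly at random.
// Bands (lower bound in bits) and the guess rate are taken from the table above.
const BANDS = [
  [100, "Very Strong"], [80, "Strong"], [60, "Good"],
  [36, "Fair"], [28, "Weak"], [0, "Very Weak"],
];
const GUESSES_PER_SECOND = 1e10; // 10 billion guesses per second

// symbolCount: alphabet size for a password, word-list size for a passphrase.
// length: number of characters or words.
function entropyBits(symbolCount, length) {
  if (!Number.isInteger(symbolCount) || symbolCount < 2) throw new RangeError("symbolCount must be an integer >= 2");
  if (!Number.isInteger(length) || length < 1) throw new RangeError("length must be an integer >= 1");
  return length * Math.log2(symbolCount);
}

// Fractional values between two printed bands (e.g. 35.5) fall into the lower band.
function strengthLabel(bits) {
  return BANDS.find(([min]) => bits >= min)[1];
}

// Seconds to try every candidate once (assumption: worst case, fixed rate).
function crackSeconds(bits, rate = GUESSES_PER_SECOND) {
  return Math.pow(2, bits) / rate;
}

function humanize(seconds) {
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60]];
  for (const [name, size] of units) {
    if (seconds >= size) return `${(seconds / size).toPrecision(3)} ${name}`;
  }
  return `${seconds.toPrecision(3)} seconds`;
}

function analyze(symbolCount, length) {
  const bits = entropyBits(symbolCount, length);
  return { bits, label: strengthLabel(bits), worstCase: humanize(crackSeconds(bits)) };
}

// 12 characters from the 94 printable ASCII symbols, then 4 words from a 2048-word list.
console.log(analyze(94, 12));
console.log(analyze(2048, 4));
```

The figures only hold when every character or word is chosen uniformly at random; a human-chosen secret of the same length has far less entropy than the formula reports.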
Pro Tips
Use a Password Manager
Generate unique 20+ character passwords for every account and store them in a password manager. You only need to remember one strong master password.
Passphrases for Master Passwords
Use a 5+ word passphrase for your master password. It is easier to remember, fast to type, and provides excellent security when words are truly random.
Enable 2FA Everywhere
Even the strongest password can be compromised via phishing. Two-factor authentication (TOTP or hardware keys) adds a critical second layer of defense.
Check for Breaches
Use services like Have I Been Pwned to check if your email or passwords have been exposed in data breaches. Change compromised passwords immediately.
Frequently Asked Questions
How does this password generator create secure passwords?
This tool uses the Web Crypto API (crypto.getRandomValues()) to generate cryptographically secure random numbers. This is the same random number generator used by browsers for TLS/SSL encryption, making the passwords as random as technically possible in a browser environment.
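A secure random source is only half of the job: mapping its output onto an alphabet with a plain modulo skews the distribution unless the alphabet size divides the range. The sketch below is an added example, not this tool's own code; it uses rejection sampling on top of crypto.getRandomValues(), and the symbol set, the ambiguous-character list and all function names are assumptions.

```javascript
// Added example: unbiased character selection on top of crypto.getRandomValues().
// Browsers and current Node expose Web Crypto as globalThis.crypto; the
// require() fallback covers older Node versions running CommonJS.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Assumed character sets; the page does not list the tool's exact symbols.
const SETS = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!@#$%^&*()-_=+[]{};:,.?",
};
const AMBIGUOUS = new Set("0O1lI"); // assumed list of look-alike characters

// Uniform integer in [0, n). Values at or above the largest multiple of n
// that fits in 32 bits are discarded, so every residue is equally likely.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) throw new RangeError("n out of range");
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function buildAlphabet(types, excludeAmbiguous = false) {
  const chars = types.map((t) => {
    if (!Object.hasOwn(SETS, t)) throw new RangeError(`unknown character type: ${t}`);
    return SETS[t];
  }).join("");
  return [...chars].filter((c) => !(excludeAmbiguous && AMBIGUOUS.has(c)));
}

function generatePassword(length, types, excludeAmbiguous = false) {
  if (!Number.isInteger(length) || length < 1) throw new RangeError("length must be an integer >= 1");
  const alphabet = buildAlphabet(types, excludeAmbiguous);
  if (alphabet.length < 2) throw new RangeError("alphabet needs at least 2 characters");
  let out = "";
  for (let i = 0; i < length; i++) out += alphabet[randomIndex(alphabet.length)];
  return out;
}

console.log(generatePassword(16, ["lower", "upper", "digits", "symbols"], true));
```

Each character is drawn independently, so the output is not guaranteed to contain every selected character type; forcing one of each would slightly reduce the number of possible passwords.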
What is a good password length?
For most purposes, a 16-character password with mixed character types (uppercase, lowercase, numbers, symbols) provides excellent security with over 100 bits of entropy. For high-security accounts, 20+ characters or a 5+ word passphrase is recommended. The minimum recommended length is 12 characters.
What is the difference between a password and a passphrase?
A password is a string of random characters (e.g., "xK9#mP2$qL"), while a passphrase is a sequence of random words (e.g., "correct-horse-battery-staple"). Passphrases are easier to remember and type but need to be longer to achieve equivalent security. A 4-5 word passphrase from a 2048-word list provides about 44-55 bits of entropy.
What does entropy mean for passwords?
Entropy measures password randomness in bits. It is calculated as log2(charset_size ^ length). Higher entropy means more possible combinations and a stronger password. Under 28 bits is very weak, 28-35 is weak, 36-59 is fair, 60-79 is good, 80-99 is strong, and 100+ bits is very strong.
Is my generated password stored anywhere?
No. All password generation happens entirely in your browser using JavaScript. No passwords are ever sent to any server, stored in cookies, or logged anywhere. Your generated passwords exist only in the browser tab and are not persisted.
How long should a secure password be in 2026?
Current NIST guidelines (SP 800-63B) recommend a minimum of 8 characters, but security experts recommend at least 16 characters for general accounts and 20+ for high-value accounts like email, banking, and password managers. A 16-character random password with mixed character types (uppercase, lowercase, digits, symbols) has over 100 bits of entropy, enough to withstand even nation-state-level brute force attacks for centuries. If you struggle to remember passwords, use a 5-word passphrase instead: it's both easier to remember and mathematically stronger.
What makes a passphrase more secure than a random password?
A passphrase like "correct-horse-battery-staple" is more secure than a short complex password like "P@ssw0rd!" for two reasons: entropy and memorability. A 4-word passphrase from a 2000-word list has about 44 bits of entropy; a 5-word passphrase has ~55 bits — equivalent to a 10-12 character fully random password. But passphrases are far easier to remember and type correctly. The key requirement is that the words must be chosen randomly (not a meaningful phrase), which is exactly what this tool's passphrase mode does.