Create strong, random passwords in your browser. Choose the length and character sets; nothing is sent to a server.
Strong
Entropy (bits)
103
Longer is stronger — 16 or more is a good default.
This generator builds a password from cryptographically secure randomness that runs entirely in your browser. The strength rating is based on entropy — a measure of how many equally likely passwords your settings could have produced. The more characters you allow and the longer the password, the more guesses an attacker would need, and the harder it is to crack.
A 16-character password drawing on all four sets (lowercase, uppercase, digits, and 24 symbols) picks from 86 possible characters per position. That works out to 16 × log₂(86) ≈ 103 bits of entropy — rated Strong, and far beyond what brute force can reach.
Shorten it to 8 lowercase-only characters and the alphabet drops to 26. Entropy falls to 8 × log₂(26) ≈ 38 bits — rated Weak, the kind of password modern hardware can exhaust quickly.
Stretch the same all-sets password to 20 characters and entropy climbs to about 129 bits — rated Very Strong. Each extra character multiplies the work an attacker faces, which is why length matters more than swapping one symbol for another.
Is my password sent anywhere?
No. Generation happens locally with the browser’s Web Crypto API. The password never leaves the page, is not logged, and is not stored — reload and it is gone.
What is entropy and why does it matter more than complexity rules?
Entropy counts how many equally likely passwords your settings could produce, in bits. Adding length or enabling more character sets raises it; predictable substitutions like “P@ssw0rd” do not. Above roughly 100 bits, guessing the password by brute force is computationally infeasible.
Should I turn on “exclude look-alike characters”?
Only if you will type or read the password by hand and want to avoid confusing l/1 or O/0. It slightly shrinks the alphabet (and entropy), so leave it off for passwords you paste from a manager.
Is a passphrase better than a random password?
A long passphrase of several random words can reach comparable entropy and is easier to remember, but it must be genuinely random — not a favourite quote. For values you store in a password manager, a long random string like this one is simplest.
How should I store the passwords I create here?
Use a reputable password manager so every account gets a unique, long password without you memorising any of them. Reusing one strong password everywhere is still risky, because a single breach exposes them all.