Password Generator
SecurityGenerate strong, random passwords with customisable length and character rules. Works entirely in your browser — nothing is ever stored or transmitted.
What is a Password?
A Password Generator is a tool that creates strong, random passwords on demand by combining characters from a pool you choose — uppercase letters, lowercase letters, numbers, and symbols. Instead of relying on a person to invent a password (which almost always introduces predictable patterns like birthdays, pet names, or simple keyboard sequences), this tool draws every character independently using your browser's cryptographically secure random number generator.
The result is a password with no exploitable structure. Security researchers consistently find that human-created passwords cluster around a small set of common patterns, which is exactly why credential-stuffing and dictionary attacks remain effective. A generated password sidesteps this entirely — every character is equally likely, so the only way to find it is to try every possible combination, which becomes computationally infeasible once the password is long enough.
For developers creating test accounts, IT teams provisioning new user credentials, or anyone signing up for a new service, the Password Generator removes the temptation to reuse a weak, memorable password. Pair it with the UUID Generator when you also need a unique identifier for the account itself, not just its credential.
How to use this Password calculator
- Set the Password Length field to your desired number of characters — 16 or higher is recommended for important accounts.
- Toggle Include Uppercase (A-Z) on or off depending on whether the target system allows capital letters.
- Toggle Include Lowercase (a-z), Include Numbers (0-9), and Include Symbols (!@#$...) to match the password rules of the account you're creating.
- Review the generated password in the result box — it updates instantly whenever you change a setting.
- Click the copy icon to copy the password to your clipboard, then paste it into the password field of the account you're setting up. Save it in a password manager rather than relying on memory.
Formula & Methodology
The generator builds a character pool by concatenating the character sets you've enabled: - Uppercase:A-Z(26 characters) - Lowercase:a-z(26 characters) - Numbers:0-9(10 characters) - Symbols:!@#$%^&*()_+-=[]{}|;:,.<>?(26 characters) For each position in the password, the tool draws one cryptographically random 32-bit integer usingcrypto.getRandomValues()and reduces it modulo the pool size to pick a character. This is repeated independently for every character, so no position depends on any other. Entropy measures how hard a password is to guess: it'slog2(pool size ^ length)bits. A 16-character password drawn from the full 88-character pool (all four toggles on) has roughlylog2(88^16) ≈ 103bits of entropy — well beyond what any practical brute-force attack can exhaust with current computing power. Even a more modest 12-character password with all toggles on carries about 77 bits of entropy, comfortably strong for most personal accounts.
Frequently Asked Questions
What is a password generator?
A password generator is a tool that creates random, unpredictable passwords by drawing characters from a pool you control — uppercase letters, lowercase letters, numbers, and symbols. Unlike passwords humans invent (which tend to reuse patterns like names, dates, or keyboard sequences), a generated password has no underlying pattern an attacker can guess, making it dramatically harder to crack.
How random is the password this tool generates?
This Password Generator uses the Web Crypto API's `crypto.getRandomValues()`, a cryptographically secure random number source built into your browser — the same class of randomness used for encryption keys, not the weaker `Math.random()` function. Every character is chosen independently from your selected character pool, so there is no predictable pattern for an attacker to exploit.
What makes a strong password?
Strength comes from length and character variety, not cleverness. A 16-character password drawn from uppercase, lowercase, numbers, and symbols is far stronger than a 10-character password using a memorable phrase, because length and pool size both multiply the number of possible combinations an attacker would have to try.
How do I generate a password?
Set your desired length using the length field, toggle on the character types you want included — uppercase, lowercase, numbers, symbols — and the password updates instantly. Click the copy icon next to the result to copy it to your clipboard.
Can I customise which characters are included?
Yes. Each character type — uppercase letters, lowercase letters, numbers, and symbols — has its own toggle, so you can match the password rules of the specific website or system you're signing up for. If a site disallows symbols, simply turn that toggle off before generating.
Is it safe to use this password generator?
Yes — password generation happens entirely inside your browser using your device's secure random number generator. Nothing you generate is ever sent to a server, logged, or stored anywhere; closing the tab leaves no trace of the password you created.
Are generated passwords stored anywhere?
No. This tool has no backend and no database — the password exists only in your browser's memory for as long as the page is open. Once you copy it and navigate away or close the tab, it is gone.
Can the same password be generated twice?
It's theoretically possible but practically negligible. A 16-character password drawn from a 94-character pool has roughly 10^31 possible combinations — far more than the number of passwords ever generated by every user of this tool combined, so a repeat is not something to worry about.
How long should my password be?
12 characters is a reasonable minimum for most accounts today, but 16 or more is recommended wherever the site allows it, especially for email, banking, and password-manager master passwords. Longer passwords resist brute-force attacks far better than adding complexity to a short one.
Should I use a different password for every account?
Yes — reusing a password means a single data breach on one site can compromise every account that shares it. Generate a unique password per account with this tool and store them in a password manager rather than trying to memorise them all.
What's the difference between a password and a passphrase?
A password mixes random characters across multiple character types, while a passphrase strings together random dictionary words (e.g. correct-horse-battery-staple) that are easier to type and remember but still long enough to resist brute-force attacks. Use the [UUID Generator](/uuid-generator/) for unique identifiers, or a dedicated passphrase tool when memorability matters more than raw character density.
Does this work without an internet connection?
Once the page has loaded, yes — all generation logic runs locally in your browser with no further network requests required, so it continues to work even if your connection drops.