Password Generator - Strong Random Passwords

This tool requires JavaScript to run. Please enable JavaScript in your browser settings.

100% client-side. Passwords are generated using your browser's crypto.getRandomValues() API — the same cryptographic randomness used by password managers. No passwords are stored, logged, or transmitted. This page works offline.

Length: 20

Uppercase (A-Z)

Lowercase (a-z)

Numbers (0-9)

Symbols (!@#$%...)

Exclude ambiguous characters (0, O, l, 1, I, |)

Generate multiple

How it works

This generator uses window.crypto.getRandomValues(), a cryptographically secure pseudorandom number generator (CSPRNG) built into every modern browser. This is the same entropy source used by 1Password, Bitwarden, and other password managers. The randomness comes from your operating system's entropy pool — not Math.random().

Password strength guide

8-11 characters — Weak. Can be brute-forced.
12-15 characters — Fair. Adequate for low-value accounts.
16-19 characters — Strong. Good for most purposes.

20-31 characters — Very strong. Recommended default.
32+ characters — Excellent. Use for master passwords and API keys.
64+ characters — Overkill. But why not?

Tips

Use a password manager (1Password, Bitwarden) — don't try to memorize random passwords.
For WiFi passwords or ones you type manually, uncheck symbols and use 20+ characters.
For API keys and tokens, use 32-64 characters with all character sets.
Never reuse passwords across different services.