About this tool
Generate passwords up to 128 characters with configurable character sets — lowercase, uppercase, digits and symbols — plus an option to skip ambiguous characters like l, 1, O and 0. Randomness comes from the Web Crypto API (crypto.getRandomValues), the same cryptographically secure source used by password managers, not the predictable Math.random.
Length beats complexity: every added character multiplies the search space, which is why a 16-character random password is enormously stronger than an 8-character one with exotic symbols. Guidance from NIST emphasizes long, unique passwords per site over forced complexity rules. Generation is fully local; no password ever leaves your device.
How to use it
- Set the length (16+ recommended) and character sets.
- Click Generate — repeat until you like the result.
- Copy it straight into your password manager.
Frequently asked questions
How long should a password be?
At least 12–16 characters for anything that matters. Each extra random character multiplies the cracking effort; length is the cheapest strength upgrade.
Is this generator really random?
It uses crypto.getRandomValues, a cryptographically secure RNG built into the browser — suitable for security purposes, unlike Math.random.
Should I avoid symbols if a site rejects them?
Compensate with length: a 20-character letters-and-digits password is stronger than a 12-character one with symbols.