What This Tool Does
This password generator creates random, secure passwords using your browser's cryptographic random number generator. You choose the length and character classes (uppercase, lowercase, numbers, symbols), and it produces a password that meets common security policies for accounts, Wi-Fi, encryption keys, and more.
Inputs Explained
- Length: Total number of characters in the password. Recommended: 16+ for accounts, 24+ for high-security.
- Include Uppercase: Adds A–Z characters to the pool.
- Include Lowercase: Adds a–z characters to the pool.
- Include Numbers: Adds 0–9 characters to the pool.
- Include Symbols: Adds special characters such as !@#$%^&*.
- Exclude Ambiguous: Skips lookalike characters like 0/O, 1/l/I to reduce typing errors.
How It Works
The generator uses window.crypto.getRandomValues(), a cryptographically secure random number generator built into modern browsers, to pick characters from your selected pool. Each character is chosen independently with a uniform distribution, so the password's entropy (randomness strength) depends only on its length and the size of the character pool.
Formula / Logic Used
Step-by-Step Example
Length: 16
Sets: Upper + Lower + Numbers + Symbols (94 character pool)
Sample output: k!8nQ#2vR$mP9wX@
Entropy: ≈ 105 bits — would take billions of years to brute-force.
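The selection step described under How It Works and the entropy figure above, as an added JavaScript example that is not the tool's own source: each character is drawn with rejection sampling so the modulo step adds no bias, and entropy is computed as length × log2(pool size). The symbol set (all 32 printable ASCII symbols, chosen to match the 94-character pool) and every function name are assumptions.

```javascript
// Added example, not the tool's own source. Browsers expose globalThis.crypto;
// the require() fallback only matters when running under older Node.js.
const rng = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Assumed sets: all 32 printable ASCII symbols, which gives the 94-character pool.
const SETS = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digits: "0123456789",
  symbols: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
};
const AMBIGUOUS = new Set("0O1lI"); // lookalikes named on the page

function buildPool({ excludeAmbiguous = false, ...classes } = {}) {
  let pool = Object.keys(SETS).filter((k) => classes[k]).map((k) => SETS[k]).join("");
  if (excludeAmbiguous) pool = [...pool].filter((c) => !AMBIGUOUS.has(c)).join("");
  if (pool.length === 0) throw new Error("select at least one character class");
  return pool;
}

// Uniform integer in [0, n). A byte has 256 values; unless n divides 256, a bare
// `byte % n` favours low indexes. Bytes at or above the largest multiple of n
// are discarded and redrawn (rejection sampling), so every index is equally likely.
function uniformIndex(n, source = rng) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError("pool size must be 1..256");
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    source.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, pool, source = rng) {
  let out = "";
  for (let i = 0; i < length; i++) out += pool[uniformIndex(pool.length, source)];
  return out;
}

// Entropy in bits of `length` independent uniform picks from `poolSize` characters.
function entropyBits(length, poolSize) {
  return length * Math.log2(poolSize);
}

const pool = buildPool({ upper: true, lower: true, digits: true, symbols: true });
console.log(generatePassword(16, pool), entropyBits(16, pool.length).toFixed(1), "bits");
```

With a 94-character pool the rejection limit is 188, so about a quarter of the drawn bytes are discarded and redrawn.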
Use Cases
- New account creation: Generate a unique strong password for every site instead of reusing one.
- Wi-Fi network setup: Create a 24+ character WPA2/WPA3 passphrase that resists dictionary attacks.
- API keys and tokens: Quickly generate long random strings for development and testing.
- Password rotation: Replace old or breached passwords with fresh, high-entropy ones.
- Encryption keys: Produce strong keys for password-protected ZIP files, PDFs, or disk encryption.
Assumptions and Limitations
- The strength estimate assumes the attacker knows your character set and length, which is the worst case.
- Generated passwords are not stored. Once you close the page, they are gone — copy them to a password manager.
- Symbols allowed are a common safe set. Some legacy systems reject specific symbols; verify with the target site.
- Cryptographic randomness depends on your browser. All modern browsers (2015+) implement crypto.getRandomValues correctly.
Frequently Asked Questions
Is the generated password truly random?
Yes. The tool uses crypto.getRandomValues, the same secure RNG used for HTTPS keys and cryptographic operations. It is not the predictable Math.random function.
Does the tool send my password anywhere?
No. The password is generated locally in your browser and never leaves your device. There is no network call when you click Generate.
How long should my password be?
For online accounts, 16+ characters is a strong baseline. For high-value accounts (banking, email, admin), use 20–24+ characters with all character sets enabled.
Why exclude ambiguous characters?
Characters like 0 vs O or 1 vs l vs I look almost identical in many fonts. Excluding them prevents typing errors when a password must be entered manually.
What is entropy?
Entropy measures how unpredictable a password is, in bits. Each extra bit doubles the time needed to brute-force it. Above 80 bits is considered very strong against modern attacks.
Are passwords with symbols always stronger?
Yes, for a given length, because symbols increase the character pool size. However, many sites limit which symbols are accepted, so always check the target site's password policy.
Can I use this for Wi-Fi passwords?
Yes. WPA2 and WPA3 accept up to 63 characters. A 32-character password from this generator is excellent for home or office Wi-Fi.
Should I save the password somewhere?
Always save to a trusted password manager like Bitwarden, 1Password, or KeePass. Never write strong passwords on paper or store them in plain text files.
Sources and References
- NIST SP 800-63B Digital Identity Guidelines — Official US guidelines on password strength and policy.
- MDN — Crypto.getRandomValues() — Cryptographic RNG used by this tool.
- OWASP Authentication Cheat Sheet — Industry-standard guidance on password handling.
- Wikipedia — Password Strength — Background on entropy and brute-force resistance.