Password Generator

Password
Password length
5 20 35 50 65 80 100
Characters used
If the password contains characters not supported by the service, remove them. You can also add your own.
Will use the settings selected above.
Uses secure algorithms. Password generation relies on the Web Crypto API, which produces cryptographically strong random values instead of weak pseudo-random ones.
Crypto: getRandomValues() — MDN

Frequently Asked Questions

Why use a generator instead of making up a password myself?

People create predictable passwords — birthdays, names, pet names, keyboard rows (qwerty, 123456), and symbol substitutions like @ for "a" or 3 for "e". All of this is already covered in attack dictionaries.

Dictionary attacks try millions of known passwords and their variations in seconds. Credential stuffing uses login–password pairs from past breaches — reusing a password across sites means compromising one compromises all. A generator creates truly random passwords that appear in no dictionary.

What makes a password strong?

Password strength is measured by entropy — a gauge of unpredictability. Each additional character multiplies the number of possible combinations: 20 random characters create a space that would take billions of years to brute-force even on powerful hardware.

Password, passphrase, or PIN — which one to choose?

Password is the best choice for most services: high entropy, no need to memorize — store it in a password manager.

Passphrase works when you need to remember or type it yourself: a manager's master password, OS login, disk encryption. A few random words are easy to remember yet hard to crack.

PIN is only for services or devices that accept digits only: ATM, phone lock screen.

Is my password sent to a server?

No. Everything happens locally in your browser. The page contains no analytics or trackers that could read your passwords.

Where should I store generated passwords?

Use a password manager — your browser's built-in vault or a dedicated app. Never reuse the same password across different services.

Two-factor authentication — why do I need it?

Even the strongest password can be stolen via phishing or a database breach. A second factor — a code from an authenticator app or SMS — blocks access even if the attacker already has your password. Enable 2FA on all important accounts: email, banking, messaging apps.

How do I know if my password has been leaked?

There are services that aggregate known breach databases and let you check whether your email or password appears in them. If your address is found — immediately change the password on the affected service and on every other site where you used the same password. This is yet another reason never to reuse passwords.

How often should I change my passwords?

If you use randomly generated passwords (like those created here), rotating them every 6–12 months adds an extra layer of protection. Changing passwords predictably — password1 → password2 — provides no benefit. Change your password immediately if you suspect a leak or account compromise.

History

Click a password to copy it

🔒 History is not saved and will be cleared on page reload or close — your passwords are never stored.

History is empty
Copied!