100% local processing - your files and data never leave your browser.
No accounts, no tracking - we don't save your credentials, files, or usage.
Free forever - donations are welcomed, but every tool is and always will be free.
Open in spirit - need a special tools..? Drop a message.
CRYPTOGRAPHICALLY SECURE · 100% LOCAL

PASSWORD
GENERATOR

Generate strong random passwords using your browser's secure RNG. Customize length, character sets, exclusions. Bulk mode for 50 at once. Memorable passphrases too. Nothing leaves your device - ever.

Generate Now - Free All 54 Tools
SETTINGS LENGTH 20 CHARACTER SETS A-Z uppercase a-z lowercase 0-9 numbers !@#$ symbols ⚡ GENERATE YOUR PASSWORD qK9-mZ4$Np!2 Tx7&Bw3cH#vL 5sJ@F8eQ_R STRENGTH VERY STRONG ENTROPY 131 bits CRACK TIME 10⁹⁸ years 📋 Click to copy
Cryptographically Secure
Uses your browser's crypto.getRandomValues() - the same secure RNG that powers HTTPS and password managers. Not the predictable Math.random() most online tools use.
Real Entropy Math
Strength meter calculates true entropy in bits (log₂ of possible combinations) and shows a calibrated crack-time estimate - not a vague "weak/strong" guess.
Skip Confusing Chars
Optional toggle to exclude visually-similar characters like l, 1, I, O, 0 - plus ambiguous symbols that break in URLs and shells.
Bulk Generation
Generate 1, 5, 10, or 50 passwords at once. Perfect for setting up multiple accounts, team onboarding, or filling password manager imports.
Memorable Passphrases
Diceware-style mode picks random words from a curated list - correct-horse-battery-staple style. Strong, but actually memorizable.
100% Local
Generation happens entirely in your browser. Passwords never get sent anywhere, never logged, never seen by anyone but you. Safe even on shared networks.
The Tool

CREATE A PASSWORD

Adjust the settings - new password generates instantly. Click to copy.

password-generator.php · ready LIVE

1 - Mode

2 - Length

20

3 - Character Sets

4 - Exclusions

Bulk Generation

Your Password

click "Generate" to begin
Strength: bits
Crack time:
Pro tip: Don't try to memorize random passwords. Use a password manager (Bitwarden, 1Password, KeePass) and only memorize one strong master password using the memorable mode.
Copied!
Process

HOW IT WORKS

No magic, no servers - just your browser's built-in cryptographic randomness.

01
Pick your settings
Length, character sets, exclusions. Or switch to memorable mode for a passphrase you can actually recall.
02
Browser generates locally
Uses crypto.getRandomValues() - the secure RNG built into every modern browser. The same one used by HTTPS and password managers.
03
Copy and use
Click the password to copy, or use the copy button. Bulk download as .txt for batch use.
FAQ

COMMON QUESTIONS

12 characters minimum - acceptable for low-stakes accounts.
16 characters - solid for most personal accounts.
20+ characters - recommended for important accounts (email, banking, password manager master password).
32+ characters - overkill for most uses but trivial when stored in a password manager.

The included strength meter shows real entropy in bits - aim for 80+ bits for important accounts.

Most basic random functions (like JavaScript's Math.random()) are predictable - given enough output, an attacker can figure out the next "random" value. crypto.getRandomValues() uses your operating system's secure entropy pool (the same source HTTPS uses) - cryptographically unpredictable. Many free password generator websites use the unsafe one. This tool uses the safe one.

Entropy measures how unpredictable your password is. Each bit doubles the search space. A 20-bit password has ~1 million possibilities (cracked instantly). A 60-bit password has ~10¹⁸ possibilities (years of effort). An 80+ bit password is effectively uncrackable with current technology. Bigger character sets and longer passwords both add entropy.

Exclude similar (l 1 I O 0) - turn this on if you'll need to read and re-type the password (like reading from a printed page or another screen). Off by default since password managers handle copy-paste fine.

Exclude ambiguous symbols - turn this on if the password will be used in URLs, shell commands, or systems that mishandle quotes/backslashes. Slightly weaker but more compatible.

Both reduce entropy slightly. Only enable if you actually need them.

No. Generation happens entirely in your browser. The password is never transmitted to any server, logged, stored in cookies, or visible to anyone but you. You can even disconnect from the internet after the page loads and the tool will keep working.

Random characters - higher entropy per character, smaller passwords. Best stored in a password manager. Use for everything except your master password.

Memorable passphrase - lower entropy per "unit" but easy to memorize. A 5-6 word passphrase has plenty of strength for everyday use. Best for the master password to your password manager (the one password you must memorize) or anywhere you'll need to type it manually.