Generate Strong, Random Passwords That Don't Leave Your Browser
Cryptographically secure passwords and EFF-style passphrases with a live entropy meter, similar-character filtering, and batch generation — all built with crypto.getRandomValues().
5 of 5 free uses left
Generate up to 50 at once — useful for seeding accounts, devices or service users.
Generated locally with crypto.getRandomValues() — never leaves your browser.
Generate Strong, Random Passwords That Don't Leave Your Browser
A password is only as strong as the randomness behind it. Human-chosen passwords cluster around predictable patterns — birthdays, pets, keyboard walks, "P@ssw0rd!" — and modern attackers exploit every one of them with multi-billion-guess-per-second dictionary and rule-based attacks. The only defense is real randomness, and real randomness has to come from the right source.
Our Password Generator uses the browser's built-in **`crypto.getRandomValues()`** API — the same cryptographically secure random source that powers TLS handshakes and Web Crypto signatures. Every character is sampled from your chosen character pool with **unbiased rejection sampling**, so a 20-character random password actually has the entropy you expect (around 130 bits with a full mixed-case + digit + symbol set). Nothing is ever transmitted to a server, no log is kept, and no analytics fire when you generate or copy a password. Open the network tab and watch — zero requests.
The tool has two modes. **Password mode** gives you classic random strings with toggles for length (6–64), lowercase, uppercase, digits, symbols, and filters for visually similar characters (i / l / 1 / L / o / 0 / O) and ambiguous symbols. At least one character from every enabled set is guaranteed to appear, so you won't get rejected by overly strict "must contain a number" policies. **Passphrase mode** generates EFF-style memorable passphrases from a curated wordlist — four to ten words separated by your choice of delimiter, with optional capitalization and a random number for sites that demand one. Passphrases are dramatically easier to remember than random strings while still offering 50+ bits of entropy with five words.
A **live entropy meter** shows the actual bits of randomness behind each generated password, plus an estimated time to crack assuming a sophisticated offline attack at 10 billion guesses per second. **Batch mode** generates up to 50 passwords at once — perfect for seeding new accounts, device credentials, service users in a deploy, or one-time codes for staff onboarding. Copy individual passwords or download the whole batch as a text file.
Use this tool when creating a new account, rotating a leaked password, provisioning service credentials, generating recovery codes, or anywhere else you need real randomness rather than a memorable string that's secretly in every attacker's dictionary.
How It Works
Pick Mode & Options
Choose password or passphrase, then tune length, character sets and filters.
Generate
Click Generate (or hit the regenerate icon) to produce new passwords using crypto.getRandomValues().
Copy or Download
Copy a single password to clipboard or download a batch as a text file. Everything is local — nothing is logged.
Why Use Our Tool?
Cryptographically Secure
Built on crypto.getRandomValues() with unbiased rejection sampling — the same RNG that powers TLS.
Passwords & Passphrases
Random character strings for storage, or memorable EFF-style passphrases for ones you have to type.
Live Entropy Meter
Shows real bits of entropy plus an estimated offline-attack crack time for every generated password.
Guaranteed Character Sets
At least one character from every enabled set — so 'must contain a symbol' policies always pass on the first try.
Similar-Char Exclusion
Strip visually confusing characters (i, l, 1, L, o, 0, O) and ambiguous symbols for passwords humans will read aloud.
Batch Generation
Generate up to 50 passwords at once — ideal for service credentials, device seeding or staff onboarding.
100% Local & Private
Runs entirely in your browser. No server, no logs, no analytics on generated values — open the network tab and verify.