About the Password Generator
This password generator uses the browser's built-in crypto.getRandomValues() API for all generation. This is a cryptographically secure random number generator suitable for security-sensitive applications, unlike Math.random() which is not cryptographically secure and should never be used for passwords or tokens.
You can control password length from 4 to 128 characters and choose which character sets to include. The Exclude Ambiguous option removes characters that look similar in certain fonts (0, O, l, 1, I), which is useful when passwords need to be typed from a screen or read aloud. The strength meter gives a real-time indication of password quality based on length and character set diversity. Nothing is transmitted to any server at any point.
Password Security Guidelines
- Use at least 16 characters. Length is the single most important factor in password strength. A 16-character random password is far stronger than a 10-character password with complex rules.
- Use all four character types. Uppercase, lowercase, numbers and symbols together give the largest possible character space, making brute-force attacks computationally infeasible.
- Use a different password for every account. A password manager is the only practical way to do this. Generate a unique 20+ character password for each service and store it in a manager like Bitwarden or 1Password.
- For service accounts and APIs. Use 32+ character passwords with all character types. Service accounts are high-value targets and rarely need to be typed manually.
Frequently Asked Questions
Password Use and Storage Notes
Strong passwords should be unique for every account and stored in a trusted password manager. Longer passphrases are usually easier to type and remember, while fully random strings are better for accounts and systems where a password manager can autofill them.
Do not reuse generated passwords across services. For business systems, follow the organisation's password policy, multi-factor authentication requirements and credential-sharing rules.