Password Generator
Generated in your browser. Never sent anywhere.
What makes a strong password?
A strong password is long, random, and uses a mix of character types. Length matters most: each additional character multiplies the number of possible combinations an attacker must try. A 16-character random password with mixed characters is effectively impossible to brute-force with current technology.
How It Works
The generator uses the browser's cryptographically secure random number API:
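One way a generator like this can be built on `crypto.getRandomValues`, as an added example rather than this page's own code. The character sets, the `webCrypto` fallback, and the function names are assumptions; the sketch uses rejection sampling so every character is equally likely, and computes the entropy figure discussed in the FAQ.

```javascript
// Added example, not the page's own code. Set contents and names are assumed.
// Browsers and recent Node expose `crypto` globally; older Node needs the fallback.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const SETS = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', // 32 printable ASCII symbols
};

// Build the alphabet from the selected set names, rejecting unknown ones.
function alphabetFor(setNames) {
  const unknown = setNames.filter((name) => !(name in SETS));
  if (unknown.length || setNames.length === 0) {
    throw new RangeError('select at least one known character set');
  }
  return [...new Set(setNames)].map((name) => SETS[name]).join('');
}

// Uniform integer in [0, n). A bare `value % n` over-represents low indexes
// whenever 2^32 is not a multiple of n, so values at or above the largest
// multiple of n are discarded and redrawn (rejection sampling).
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, setNames = Object.keys(SETS)) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  const alphabet = alphabetFor(setNames);
  let out = '';
  for (let i = 0; i < length; i++) out += alphabet[randomIndex(alphabet.length)];
  return out;
}

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, setNames = Object.keys(SETS)) {
  return length * Math.log2(alphabetFor(setNames).length);
}

console.log(generatePassword(16), entropyBits(16).toFixed(1) + ' bits');
```

With all four sets the alphabet has 94 characters, so 16 characters give roughly 105 bits. Because each character is drawn independently, a given password is not guaranteed to contain every selected character type.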
Tips
- Use a different password for every account. A password manager (Bitwarden, 1Password) makes this practical.
- 16 characters is a good minimum for most accounts. Use 24+ for email, banking, and password manager master passwords.
- If a site rejects your password, it likely has length or symbol restrictions. Adjust the settings and regenerate.
- Enabling all four character sets maximizes entropy. Each extra character type exponentially increases cracking difficulty.
Frequently Asked Questions
Is this password generator safe to use?
Yes. Passwords are generated entirely in your browser using the Web Crypto API (crypto.getRandomValues). Nothing is sent to any server. You can disconnect from the internet and the generator still works.
What is password entropy?
Entropy measures how unpredictable a password is, expressed in bits. Each bit of entropy doubles the number of guesses required. A 16-character password using all four character sets has about 105 bits of entropy — far beyond what any current computer can crack.
Should I use a passphrase instead of a random password?
Passphrases (like "correct horse battery staple") are easier to remember and can be very secure if long enough. Random character passwords are more compact for equivalent security. For a password manager master password you must memorize, a passphrase is often the better choice.
How often should I change my passwords?
Modern guidance from NIST no longer recommends regular rotation unless there is a known breach. Rotating passwords on a schedule often leads to weaker, predictable patterns. Instead: use a unique random password for each account and change it only when a breach is detected.