// CRYPTOGRAPHIC TOOLS

Password Generator

Generate secure, random passwords client-side


How this generator works

Every character is drawn from crypto.getRandomValues() — the same cryptographic random number generator your browser uses for TLS handshakes and WebCrypto operations. It pulls entropy from your operating system's kernel, not from a JavaScript Math.random() polyfill.

We also apply rejection sampling when mapping random bytes to character indices. This is a small detail that most password generators get wrong: if you just do randomByte % charsetSize, you introduce a tiny but real bias toward the lower characters in the set (because 256 doesn't divide evenly by, say, 94). The bias is usually too small to matter, but for something explicitly marketed as a cryptographic tool, getting it right matters.

The two symbol sets, explained

Picking symbol characters for passwords is harder than it looks. The full symbol set (!@#$%^&*()-_=+[]{};:,.<>?/|~'"\`) gives more entropy per character, but it also creates friction:

We default to a safe set (!@#$%&*-_=+.?) that works in 95%+ of forms. If you need maximum entropy and the destination accepts everything, toggle "Extended set" to get the full set. The symbol set is always shown to you before generation — no surprises.

What "strong" means

The strength bar is based on Shannon entropy — the number of bits of randomness in your password. Each bit doubles the number of guesses required to brute-force it. A 70-bit password takes roughly 2^70 attempts on average to crack offline, which translates to thousands of years even with dedicated GPU farms.

| Rating | Entropy | Effective brute-force time at 1 trillion guesses/sec |
|---|---|---|
| Weak | < 28 bits | Seconds |
| Fair | 28–49 bits | Hours to days |
| Strong | 50–71 bits | Decades |
| Very Strong | 72+ bits | Centuries |

The 1 trillion guesses/sec rate assumes a sophisticated attacker with custom hardware attacking a stolen copy offline. A live web login, where rate limiting kicks in after a handful of attempts, is a far slower target; the table describes the offline case.

Why nothing is stored

This page does not persist your password anywhere. The generated string lives in browser memory until you reload, copy, or generate a new one. No localStorage, no fetch calls, no analytics events containing the password. The page doesn't even auto-generate one on load — you press Generate when you want one.

If you want password storage with sync, use a dedicated password manager. This tool exists for the moment when you need to invent a strong password and don't want to think about it.

Online vs offline attacks — why the same password is "weak" and "fine" at once

When you type a password into a website login form, your guess is checked by the site's server. Modern services watch that closely: after three or five wrong tries the account is temporarily locked, requires a captcha, or fires a "suspicious activity" email. Even with a leaked password list, an attacker can only test maybe 5–10 guesses per minute before getting blocked — and even with a small army of bots distributing the attempts, it's hard to push past a few hundred per hour. This is called rate limiting. Against an attacker stuck at hundreds of guesses per hour, an 8-character lowercase password (28 bits of entropy, ~200 billion possibilities) is fine. They simply can't try enough.

The catastrophe scenario is different. Sites get hacked, databases get dumped, password vaults get leaked, encrypted backups get stolen. When that happens, the attacker has a *copy* of the data on their own machine. No rate limit. No lockout. They can throw a GPU farm at it — billions of guesses per second. The same 8-character password that lasted forever against the website's login form falls in a couple of seconds. The threat model flips the moment the data leaves the server's controlled environment.

This is why the same password rates as "weak" on the bar even though, for most uses, it's perfectly safe. The bar assumes the worst case: someone has the encrypted blob and can attack it offline at full speed.

What a password manager actually does for you

A password manager solves the offline-attack problem in a way humans alone can't: it lets you use a unique 20+ character random password for every single site, without your brain having to remember any of them. You memorize one master password — yours, chosen carefully, long, ideally with words you'll never forget — and the manager handles everything else. When a site gets breached, only that one password is exposed, and it's a 20-character random string that no offline attack can crack in a useful amount of time. The blast radius drops from "all my accounts" to "this one account, which I'll rotate."

If you don't use a password manager today, that may be the single biggest password-security upgrade available to you, and it costs less than a coffee per month (or is free, in some cases). Our generator exists for the moment when you need a strong random password and don't want to think — but the password it gives you is most useful when stored somewhere durable, not memorized.