Password Generator
Generate strong, random passwords with custom length and character set options.
Click "Generate" to create a password
A strong password is your first line of defense against unauthorized access. This free password generator offers two modes: "Random" creates a cryptographically secure password of up to 64 characters using the browser's built-in Web Cryptography API — no data ever leaves your device. "From keyword" transforms your memorable word into a strong password using leet-speak substitutions, capitalization rules, and symbol additions.
You can customize the character set: include or exclude uppercase letters, numbers, and symbols to match any site's requirements. All generation happens entirely in your browser — no passwords are stored, logged, or transmitted to any server.
Frequently Asked Questions
Is this password generator secure?
Yes. In "Random" mode, passwords are generated using the Web Cryptography API (crypto.getRandomValues), which is cryptographically secure and approved by security standards including NIST. No passwords are sent to any server — all generation happens locally in your browser. You can verify this by disconnecting from the internet and confirming the tool still works.
What is the "From keyword" mode?
You enter a memorable word (e.g. "sunshine") and the generator applies leet-speak substitutions (e→3, a→4, o→0, i→!, s→$, etc.), capitalization, and adds symbols and numbers. The same keyword always produces the same password, making it reproducible for you but highly resistant to brute-force attacks.
How long should a password be?
At least 12 characters for most accounts. For critical accounts (banking, email, cloud storage), use 16+ characters. Password length is the single biggest factor in security — a 16-character password with only lowercase letters is far harder to crack than an 8-character password with all character types.
Should I include symbols in my password?
Yes, if the site allows it. Symbols dramatically increase entropy. A 12-character password with uppercase, lowercase, digits and symbols has approximately 10,000× more possible combinations than one with lowercase letters only. If a site restricts symbols, compensate by increasing the length to 16+ characters.
What is a strong password?
A strong password is at least 12 characters long, contains a mix of uppercase and lowercase letters, numbers, and symbols, and is not based on dictionary words, personal information (names, dates of birth), or predictable patterns like "Password123!" or "Qwerty2024". Each account should have a unique password.
Should I use a password manager?
Yes — a password manager (such as Bitwarden, 1Password, or KeePass) is the most practical way to use unique, strong passwords for every account without memorising them. You only need to remember one master password. Free options like Bitwarden are fully featured and open-source.
Is it safe to use an online password generator?
It is safe if the generator works entirely in your browser without sending data to a server. This generator uses the browser's crypto.getRandomValues API and performs all operations locally — no password is ever transmitted or stored. For extra peace of mind, you can go offline before generating passwords.
What is two-factor authentication (2FA) and should I use it?
Two-factor authentication adds a second verification step (such as a code from an authenticator app) after your password. Even if your password is compromised, an attacker cannot access your account without the second factor. Enable 2FA on all critical accounts — email, banking, and any account with personal or financial data.
How often should I change my passwords?
Current NIST guidelines (2023) recommend against mandatory periodic password changes unless there is evidence of a breach. Instead, focus on: using a unique password for every account, enabling 2FA, and changing a password immediately if a service reports a data breach. Regular unprompted changes often lead to weaker passwords (e.g. Password1 → Password2).
What is password entropy?
Entropy measures how unpredictable a password is, expressed in bits. Higher entropy = harder to crack. A 12-character password using all character types (94 possible characters) has about 79 bits of entropy — considered strong. A 16-character version reaches ~105 bits. Our random generator maximises entropy by using the cryptographically secure crypto.getRandomValues function.