Password Generator
Strong, random passwords and passphrases with entropy.
How to use Password Generator
- Open the Password tab and set a length with the slider — 16 or more is a reasonable default, 20+ for anything sensitive.
- Toggle the character classes you want in the pool. Lowercase, uppercase, and digits are almost always worth leaving on; symbols give the biggest entropy boost per character.
- Turn on "Exclude ambiguous" if you expect to read the password off the screen or dictate it, and "Require one from each class" to satisfy policies that demand every class appear.
- Enter any characters to block in the Custom exclude list (for example, punctuation your target system refuses) and pick a Bulk count if you need multiple passwords at once.
- Press Regenerate (or ⌘/Ctrl + Enter) and copy the result. Watch the entropy bar — anything below 60 bits means you should raise the length or re-enable a class.
- For a memorable master key, switch to the Passphrase tab, pick 5–7 words, a separator you can type comfortably, and optionally capitalise words and append a digit.
- Use the Share button to copy a URL that preserves your option state (never the generated password itself) so a teammate can reproduce your settings on their own machine.
Password Generator
A privacy-first, cryptographically-secure password and passphrase generator that runs entirely in your browser. Every byte of randomness comes from the Web Crypto API (crypto.getRandomValues), every character is selected via rejection sampling to defeat modulo bias, and every generated password stays on your device — no network request, no logging, no localStorage, no clipboard spyware. The shareable URL encodes your option state and only your option state; the password itself is never serialised anywhere except the textarea you can see.
Why yet another password generator
Most online password generators fall into one of three traps. The first group uses Math.random or its moral equivalent — fast, seedable, and completely unsuitable for any secret material because an attacker who observes a handful of outputs can sometimes reconstruct the internal state and predict future outputs. The second group uses a real CSPRNG but posts the generated password to a server that logs every request, or runs an ad script on the same page that reads your clipboard. The third group uses a CSPRNG without rejection sampling, so certain characters become subtly more likely than others and the real entropy of the output is slightly less than advertised.
This tool addresses all three. It uses crypto.getRandomValues, the CSPRNG mandated by the W3C Web Crypto specification, which every browser and Node.js runtime implements against a high-entropy operating-system source. It draws bytes in chunks and rejects any byte that would introduce modulo bias when mapped into the target charset — documented inline, tested with a chi-square distribution check over ten thousand samples. And it ships as a single-file pure TypeScript transform, about three hundred lines, with zero runtime dependencies and no network egress of any kind. The source is in the repository; you can read the entire generator in one sitting.
What it does
- Random passwords from 8 to 128 characters drawn from any combination of lowercase, uppercase, digits, and an ASCII symbol set (
!@#$%^&*()-_=+[]{};:,.<>/?~|). - Ambiguous-character filter that strips
0 O I l 1 |' "so passwords read clearly on paper, over a phone call, or from a low-resolution screen. - Custom exclude list for targets that reject specific characters — some legacy banking systems still disallow
#,%, or$. - Require-one-from-each-class enforcement that guarantees at least one character from every enabled class, satisfying the "must contain an uppercase, a digit, and a symbol" policy without forcing you to regenerate until the stars align.
- Passphrase generator using a curated 200-word English list of common 4–6 letter words, with configurable word count (3–12), separator (
- . _or space), capitalisation, and an optional trailing digit for an extra ~3.3 bits of entropy. - Live entropy estimate in bits, with a coloured bar pinned to 0–128 and a qualitative strength label (
very-weak,weak,fair,strong,excellent) that updates as you tweak options. - Bulk generation up to 50 passwords per click for seeding a new team or rotating service credentials.
- Keyboard-first workflow — ⌘/Ctrl + Enter regenerates, Copy sends the latest output to the clipboard.
Security story: why this is safe to use
The threat model for a password generator is simpler than it looks: the generator itself must not leak the password, and the randomness must be strong enough that guessing is infeasible. Every decision in this tool is organised around those two properties.
Locally-generated, locally-held. The entire generator is a client-side React component. There is no API endpoint invoked when you click Regenerate. There is no telemetry beacon watching the textarea. There is no analytics script; the page has no third-party JavaScript at all. Open the browser devtools Network tab, click Regenerate a hundred times, and the request list stays empty.
Web Crypto, not Math.random. Every random byte comes from crypto.getRandomValues. That API is required by the W3C Web Crypto standard and is implemented on top of the operating system's entropy pool — /dev/urandom on Linux, BCryptGenRandom on Windows, SecRandomCopyBytes on macOS. Output is indistinguishable from true random under any currently-known cryptanalytic attack.
Rejection sampling against modulo bias. A common bug in "secure" generators is bytes[i] % N where N does not divide 256 evenly — the first 256 mod N characters of the charset end up slightly more probable than the rest. This generator draws one byte, checks it against a pre-computed threshold (floor(256 / N) * N), and discards any byte at or above that threshold. The discarded fraction is small (typically under 10%) and the resulting distribution is provably uniform. The test suite includes a chi-square smoke test over ten thousand samples that flags any regression.
No persistence of secret material. The generated password lives in React component state only. It is never written to localStorage, sessionStorage, IndexedDB, the URL hash, the query string, cookies, or any other browser-persisted store. Reloading the tab destroys it. The Share button encodes your option state (length, toggles, word count, separator) into the URL fragment so a teammate can reproduce your settings — it deliberately does not include the generated password itself.
Password vs passphrase: how to pick
Use a random password when the string will live in a password manager and no human has to recall it. Sixteen to twenty characters from the full 94-char set gives 104–131 bits of entropy — comfortably beyond current and projected cracking capability. Turn on "Require one from each class" so that policy checkers happy-path you instead of rejecting the first few candidates.
Use a passphrase when the string is a memorable top-of-stack secret: a password-manager master key, a full-disk-encryption passphrase, a root account on a server you administer manually. Six words from a 200-word list is about 45.8 bits; eight words is about 61.1 bits; with capitalisation and a trailing digit mixed in, seven words climbs to roughly 57.8 bits. For anything above 80 bits of passphrase entropy, the word count has to rise past ten, at which point re-typing the phrase is where the user experience hurts — pair it with a symbol-rich custom tail or switch to a password manager.
Related tools
- SHA-256 Hash — hash a password before you compare it, or generate HMAC-style tokens for signed links.
- UUID Generator — when you need a unique identifier rather than a secret; v7 UUIDs are the right default for database primary keys.
- Base64 Encode / Decode — pack generated tokens into URLs, headers, or Basic-Auth strings.
Frequently asked questions
What is entropy and why does it matter for a password?
Entropy is a bit-count that measures how many distinct passwords an attacker would have to try, on average, to guess yours. For a truly random password of length L drawn uniformly from a charset of size N, entropy equals L × log2(N) bits. A 12-character password from the full 94-character printable-ASCII set is roughly 78.6 bits — about 4.3 × 10²³ possibilities, which an offline attacker at a trillion guesses per second would need roughly 14 000 years to exhaust. This Password Generator reports entropy live so you can see exactly what each length or charset change buys you.
How strong is strong enough?
Below about 40 bits, any modern attacker with a leaked hash cracks the password in hours with a consumer GPU. 40–60 bits is marginal — acceptable for a throwaway forum account, not for anything sensitive. 60–80 bits is fair — adequate for most web accounts paired with a password manager and unique credentials. 80–100 bits is strong and the sensible default for high-value accounts like email, banking, and cloud infrastructure. Above 100 bits is excellent and functionally uncrackable given current hardware and physics; this tool caps at 128 bits of display entropy because anything beyond that is theatre, not security.
Passphrase versus password — which should I use?
A passphrase is a sequence of unrelated dictionary words, typically 4–7 of them separated by a delimiter. It is easier to memorise than a random string of the same entropy and easier to type on a mobile keyboard. A password is denser per character — 94-charset gives about 6.55 bits per character, whereas a 200-word list gives about 7.64 bits per word. For a password manager's master key or a server root account, a 6–7 word passphrase beats a 12-character password on memorability at comparable entropy. For per-site logins stored in the manager itself, random passwords are usually better because no human has to recall them.
Is this password generator safe to use?
Yes. Every password and passphrase is generated locally in your browser using the Web Crypto API (crypto.getRandomValues), which is a cryptographically-secure random number generator mandated by the W3C and implemented natively in every modern browser and in Node.js. No input, no output, no option toggle, no generated password, and no clipboard contents ever leave your device. There is no server round-trip, no logging, no analytics tap on the textarea, and no third-party script sitting between the generator and your screen. The Share button encodes the option state (length, toggles, word count) into the URL fragment, which browsers never send to servers, and it deliberately does not include the generated password itself.
Why does this tool avoid Math.random?
JavaScript's Math.random is not a CSPRNG — it is a fast, linear pseudo-random generator seeded from a low-entropy source, with internal state that can sometimes be recovered from a small number of outputs. Using it for secret material is a known anti-pattern that would let any attacker with access to a handful of your previously-generated passwords predict the next one. This tool uses crypto.getRandomValues exclusively and applies rejection sampling on top to avoid modulo bias, so every character position is uniformly distributed across the configured charset.
What does "exclude ambiguous characters" actually exclude?
The excluded set is 0 O I l 1 | backtick apostrophe and straight double-quote. These characters look alike in most common fonts — zero vs capital O is the classic offender, as is lowercase L vs capital I vs digit 1. Turning the toggle on trades a small amount of entropy (the charset shrinks by 9 characters out of 94) for a massive reduction in transcription errors when a password has to be read from a screen, dictated over the phone, or copied from a printed QR reset card. If you only paste passwords out of a password manager and never look at them, leave the toggle off for a little extra entropy per character.