Password Generator

This tool creates strong, random passwords of any length using the character sets you choose — uppercase letters, lowercase letters, digits, and symbols. It runs entirely in your browser, generates several passwords at once so you can pick one you like, and lets you copy any of them with a single click. Nothing you generate is sent over the network or stored anywhere, which is exactly how a password generator should behave.

Who it is for

It is for anyone who needs a fresh, unguessable password — when you sign up for a new account, rotate an old or leaked password, set up a Wi-Fi network, create a database or API credential, or pick a master password for a password manager. If you have ever reused the same password across sites, this is the tool that frees you from that habit.

How it works — character sets and entropy

A password's real strength is measured in entropy, expressed in bits. Entropy depends on two things: the size of the pool of possible characters (the “character space”) and the length of the password. The formula is entropy = log₂(charspace^length) = length × log₂(charspace).

The character space grows as you enable more types: 26 lowercase + 26 uppercase + 10 digits + the symbol set. Enabling lowercase and uppercase alone gives 52 possible characters per position; adding digits makes 62; adding symbols pushes it higher still. Each additional character position multiplies the number of possible passwords, so length increases entropy far faster than tacking on one more character type. As a rough guide: under 40 bits is weak, 60+ bits is strong for everyday accounts, and 80+ bits is very strong and effectively infeasible to brute-force.

The strength meter in the result panel reads out this entropy estimate in bits and gives each password a label from very weak to very strong, so you can see at a glance whether your current settings are good enough before you commit to one. Generating a batch of several at a time is handy because it lets you skip any that are awkward to type or read aloud and keep one that suits the account you are creating.

Worked example

Take a 16-character password using lowercase, uppercase, and digits — a character space of 62. Its entropy is 16 × log₂(62) ≈ 16 × 5.954 ≈ 95 bits, which is very strong. Now drop to an 8-character password from the same set: 8 × 5.954 ≈ 48 bits — weak enough that a determined attacker with modern hardware could crack it. Same character types, half the length, dramatically weaker. This is why the length slider matters more than any single checkbox.

Security best practices

Use a unique password for every account so a breach on one site cannot unlock the others. Aim for at least 12 characters for ordinary logins, 16+ for email and banking, and 20+ for a password-manager master password. Store passwords in a reputable password manager rather than a notebook or spreadsheet, and turn on two-factor authentication wherever it is offered — it protects you even if a password is somehow exposed.

Change a password immediately if a service reports a breach or you suspect it has leaked, and prioritise your email account above all others, since it is the recovery channel an attacker would use to reset everything else. Be wary of entering passwords on pages reached through links in emails or messages, as phishing sites mimic real logins to capture whatever you type. A strong, random password protects you only when it stays secret, so the habits around it matter as much as its length.

Common mistakes

Avoid predictable substitutions like “P@ssw0rd” — attackers' cracking dictionaries already include them, so they add almost no real entropy. Do not base passwords on names, birthdays, mobile numbers, or dictionary words. Resist shortening a password just to make it easier to type, and never reuse one password across multiple sites. Finally, generate passwords on a device and browser you trust, and clear them from your clipboard after pasting.