Password Generator

Cryptographically secure passwords using crypto.getRandomValues().

16
8128
password
Password strengthVery Strong (95 bits)

About cryptographic security

All passwords are generated using crypto.getRandomValues(), a cryptographically secure random number generator built into browsers. No passwords are sent to any server.

Secure random password generator: create strong passwords with custom length and character sets

Weak and reused passwords remain one of the leading causes of account compromises. A strong password is long, random, and unique to each account: exactly what this tool produces. Using the browser's built-in cryptographically secure random API, every password generated is genuinely unpredictable.

Customise length from 8 to 64 characters, mix and match character sets, and exclude visually ambiguous characters for passwords that need to be read aloud. Generate instantly, copy to clipboard, and store in a password manager: the entire process takes under ten seconds.

How to use: step by step

  1. 1
    Set the password length
    Drag the length slider or type a value. Longer passwords are exponentially harder to crack: 16+ characters is recommended for most accounts.
  2. 2
    Choose character sets
    Enable or disable uppercase letters, lowercase letters, numbers, and symbols to match the requirements of your target service.
  3. 3
    Exclude ambiguous characters
    Toggle the option to exclude visually similar characters like 0/O and 1/l/I: helpful for passwords that may be read aloud or typed manually.
  4. 4
    Generate
    Click Generate to produce a cryptographically random password. Generate as many times as you like until you find one that suits you.
  5. 5
    Copy and save
    Click Copy to copy the password, then store it immediately in a password manager such as Bitwarden, 1Password, or KeePass.

Related Tools

Frequently Asked Questions

How strong is a generated password?
Strength depends on length and character variety. A 16-character password using uppercase, lowercase, digits, and symbols has over 85 bits of entropy: far beyond the reach of brute-force attacks with current hardware.
Is the password generation truly random?
Yes. Passwords are generated using the browser's cryptographically secure random number generator (window.crypto.getRandomValues), the same API used in security-sensitive applications.
Is my generated password sent to a server?
No. All generation happens entirely in your browser. The password never leaves your device.
What is the recommended password length?
Security experts recommend at least 12 characters for regular accounts, 16+ for important accounts (email, banking), and 20+ for high-value targets. Longer is always better if the service supports it.
Why should I use a password manager?
A password manager lets you use a unique, complex password for every account without memorising them. Reusing passwords is one of the biggest security risks: if one site is breached, all your accounts become vulnerable.
What characters count as symbols?
The symbol set typically includes !, @, #, $, %, ^, &, *, (, ), -, _, +, =, [, ], {, }, ;, :, ', ", ,, ., <, >, ?, /, \, |, and ~. Some services restrict certain symbols: disable them with the character set toggles.
What does excluding ambiguous characters do?
Ambiguous characters are pairs that look similar in certain fonts: 0 (zero) and O (uppercase O), 1 (one) and l (lowercase L) and I (uppercase i). Excluding them reduces confusion if the password needs to be read from a screen or printed.
Should my password contain dictionary words?
Generally no: dictionary words are vulnerable to dictionary attacks even when combined. The random generator avoids real words entirely, which is the most secure approach for high-entropy passwords.
Can I generate multiple passwords at once?
Click Generate repeatedly to produce different passwords. Each click produces an independent, cryptographically random result.
What is two-factor authentication and should I use it alongside a strong password?
Two-factor authentication (2FA) requires a second proof of identity (like a phone app code) in addition to your password. Combining a strong unique password with 2FA provides significantly stronger account protection.

AlteredIdea vs alternatives

vs command-line tools: No terminal needed. Works in any browser on any device.

vs paid generator tools: Completely free, no account required, no rate limits.

vs library functions: Instant results: no coding needed. Just click and copy.

Rate this tool: