Password Generator

Generate strong, random passwords instantly. Choose length, uppercase, lowercase, numbers, and symbols. All passwords are created locally in your browser.

🔐 Password Options
🔒 Privacy: Passwords are generated entirely in your browser. Nothing is sent to any server. Only you can see the generated passwords.
Results

Adjust options and click Generate.

How Does the Formula Work?

The password generator creates cryptographically random passwords using the Web Crypto API built into your browser. It supports customizable length and character types, with a real-time strength meter that evaluates each password's entropy — the mathematical measure of randomness that determines how hard a password is to crack.

Entropy (bits) = Length × log₂(Charset Size)

Charset sizes:
Uppercase only: 26 | Lowercase only: 26
Numbers only: 10 | Symbols: 26
All combined: 88 characters

Example: 16 chars, all types (88 charset)
Entropy = 16 × log₂(88) = 16 × 6.46 = 103 bits
Crack time at 10B guesses/sec: ~3.2 × 10¹² years

Why Length Matters Most

Every additional character multiplies the number of possible passwords by the charset size. A 12-character password with all types has 88¹² possibilities (about 10²³). A 16-character password has 88¹⁶ (about 10³¹) — that is 100 million times more combinations. Going from 12 to 16 characters is far more effective than adding a few special characters to a short password.

Strength Levels

The strength meter uses entropy to classify passwords. Below 36 bits is weak (crackable in seconds to minutes). 36–50 bits is fair. 50–65 bits is good for low-value accounts. 65–85 bits is strong for most purposes. Above 85 bits is very strong — even nation-state attackers with vast computing power would need astronomical time to crack it. For reference, a 16-character password with all character types has about 103 bits of entropy.

Complete Privacy

This generator runs entirely in your browser using JavaScript. The passwords are created using crypto.getRandomValues(), the same cryptographic random number generator used by professional password managers. No password, no seed, no data of any kind is ever sent to any server. When you refresh or close the page, the password is permanently gone from memory. You are the only person who can ever see the passwords this tool generates.

Why Length Matters More Than Complexity

A 12-character password using only lowercase letters has more entropy (56 bits) than an 8-character password using all character types (52 bits). Each additional character multiplies the search space exponentially, while adding special characters only increases it linearly per position. Security experts now recommend passphrases — long strings of random words like "correct-horse-battery-staple" — because they are both harder to crack and easier to remember. The generator supports lengths up to 128 characters for maximum security.

Common Password Attacks

Brute-force attacks try every possible combination sequentially. Dictionary attacks use common words and patterns. Rainbow table attacks use precomputed hashes. A strong random password defeats all three: brute-force becomes impractical above 80 bits of entropy (would take billions of years), dictionary attacks fail because the password contains no real words, and rainbow tables cannot cover the full space of long random strings. The crack time estimate in this generator assumes a modern GPU cluster performing 10 billion guesses per second.

Tips & Recommendations

Custom Length

Slider from 4 to 128 characters. 16+ recommended for strong security. 20+ for critical accounts.

Strength Meter

Real-time entropy calculation. See bits of randomness, charset size, and estimated crack time.

Guaranteed Types

When multiple types are selected, the password guarantees at least one character from each type.

100% Private

Generated in your browser with Web Crypto API. Nothing sent to any server. Only you can see the passwords.

Frequently Asked Questions

Are the generated passwords secure?

Yes. Passwords are generated using the Web Crypto API (crypto.getRandomValues) which provides cryptographically secure random numbers. This is the same method used by professional password managers.

Are my passwords stored or sent anywhere?

No. All passwords are generated entirely in your browser using JavaScript. Nothing is sent to any server. Once you close or refresh the page, the generated password is gone unless you copied it.

How long should my password be?

At least 12 characters for important accounts. 16+ characters with mixed types (uppercase, lowercase, numbers, symbols) provides excellent security. For critical accounts, use 20+ characters.

What does entropy mean?

Entropy measures password randomness in bits. Higher entropy = harder to crack. 40 bits is weak, 60 is good, 80+ is strong. A 16-character password with all types has ~103 bits — practically uncrackable.

How is crack time estimated?

Based on 10 billion guesses per second (high-end attack). Real crack time depends on the attacker's resources, but this gives a good relative measure of password strength.

Related Tools

Phone Life Cost Calculator

See how much of your life you spend on your phone. Enter daily usage and age to calculate lifetime days, months, and years on screen.

Daily Life
Subscription Cost Calculator

Calculate the true cost of your subscriptions. See monthly, yearly, and 5-year totals. Add multiple subscriptions to find your total spend.

Daily Life
Age Calculator

Calculate your exact age in years, months, days, hours, and minutes. Find your next birthday countdown and birth day of the week.

Daily Life

Recent Calculations

No calculations yet

Last updated: May 11, 2026