Build strong, unguessable passwords with our free Password Generator
Reused and easy-to-guess passwords are behind the vast majority of hacked accounts. The moment one site leaks its login database, attackers take those email-and-password pairs and try them everywhere else — your inbox, your bank, your social accounts. This free Password Generator breaks that chain by creating a long, completely random password for every account, so a leak on one site can never unlock another.
It runs entirely in your browser. Every password is produced with crypto.getRandomValues, the same cryptographically secure random source browsers use for real security work — not the predictable Math.random() shortcut many quick scripts rely on. Because the work happens on your own device, nothing you generate is ever sent to a server, logged, or saved. It's a good fit for anyone setting up a new account, rotating an old password after a breach notice, creating logins for a team, or generating a master password for a password manager.
How to use it
- Drag the Length slider to your target size — anywhere from 4 to 48 characters. We suggest 16 or more.
- Tick the character types you want to include: uppercase (A–Z), lowercase (a–z), numbers (0–9) and symbols (!@#$).
- Optionally switch on Exclude similar characters to drop look-alikes such as
i l 1 L o 0 O. - Press ⚡ Generate Password, or tap ↻ to roll a fresh one.
- Hit Copy and paste the password straight into the sign-up or change-password field.
What actually makes a password strong
Two things decide how hard a password is to crack: how many character types it can draw from, and how long it is. Each extra character multiplies the number of possible combinations, and length matters far more than swapping a single letter for a symbol. A short password full of symbols is still weak; a long one is strong even if it looks plain. That's why this generator lets you push the length all the way to 48 and guarantees at least one character from every type you enable, so a setting you turned on is never silently skipped.
Reading the entropy meter
The strength bar under the password shows bits of entropy — a measure of how many guesses an attacker would need on average. Each extra bit doubles that effort, so the jump from 50 to 60 bits is enormous, not small. We label four bands: under 36 bits is Weak, 36–59 is Fair, 60–89 is Strong, and 90+ is Very strong. As a rule of thumb, aim for 60 bits or more for everyday logins and 80+ for anything that protects money, email, or other accounts. Watch the number climb in real time as you raise the length or add another character type.
Exclude similar characters — when it helps
If you'll ever read a password aloud, copy it by hand, or type it on a TV or game-console keyboard, the Exclude similar characters option is worth a tick. It removes the usual culprits — lowercase L, capital I, the digit 1, and the letter O versus zero — that get mixed up in many fonts. For passwords you only ever copy and paste, leave it off so the generator can use the full character set and squeeze out a little more entropy.
Privacy: nothing leaves your device
There is no account, no login, and no server call involved in generating a password here. The whole tool is HTML and JavaScript that runs locally, so the passwords exist only on your screen until you copy them. We never see them, and they aren't stored — refresh or close the tab and the current password is gone for good. The safest place to keep the passwords you create is a dedicated password manager, which remembers a unique one for every site so you only have to memorise a single strong master password.
Go deeper: read our full guide — What Actually Makes a Password Strong.