X
🔑

Free Password Generator

Create strong, random and secure passwords instantly. Set the length, pick what to include — done in your browser, nothing is uploaded.

••••••••••••
🔒 100% Secure: Passwords are created in your browser and never leave your device.

Build strong, unguessable passwords with our free Password Generator

Reused and easy-to-guess passwords are behind the vast majority of hacked accounts. The moment one site leaks its login database, attackers take those email-and-password pairs and try them everywhere else — your inbox, your bank, your social accounts. This free Password Generator breaks that chain by creating a long, completely random password for every account, so a leak on one site can never unlock another.

It runs entirely in your browser. Every password is produced with crypto.getRandomValues, the same cryptographically secure random source browsers use for real security work — not the predictable Math.random() shortcut many quick scripts rely on. Because the work happens on your own device, nothing you generate is ever sent to a server, logged, or saved. It's a good fit for anyone setting up a new account, rotating an old password after a breach notice, creating logins for a team, or generating a master password for a password manager.

How to use it

  1. Drag the Length slider to your target size — anywhere from 4 to 48 characters. We suggest 16 or more.
  2. Tick the character types you want to include: uppercase (A–Z), lowercase (a–z), numbers (0–9) and symbols (!@#$).
  3. Optionally switch on Exclude similar characters to drop look-alikes such as i l 1 L o 0 O.
  4. Press ⚡ Generate Password, or tap to roll a fresh one.
  5. Hit Copy and paste the password straight into the sign-up or change-password field.

What actually makes a password strong

Two things decide how hard a password is to crack: how many character types it can draw from, and how long it is. Each extra character multiplies the number of possible combinations, and length matters far more than swapping a single letter for a symbol. A short password full of symbols is still weak; a long one is strong even if it looks plain. That's why this generator lets you push the length all the way to 48 and guarantees at least one character from every type you enable, so a setting you turned on is never silently skipped.

Reading the entropy meter

The strength bar under the password shows bits of entropy — a measure of how many guesses an attacker would need on average. Each extra bit doubles that effort, so the jump from 50 to 60 bits is enormous, not small. We label four bands: under 36 bits is Weak, 36–59 is Fair, 60–89 is Strong, and 90+ is Very strong. As a rule of thumb, aim for 60 bits or more for everyday logins and 80+ for anything that protects money, email, or other accounts. Watch the number climb in real time as you raise the length or add another character type.

Exclude similar characters — when it helps

If you'll ever read a password aloud, copy it by hand, or type it on a TV or game-console keyboard, the Exclude similar characters option is worth a tick. It removes the usual culprits — lowercase L, capital I, the digit 1, and the letter O versus zero — that get mixed up in many fonts. For passwords you only ever copy and paste, leave it off so the generator can use the full character set and squeeze out a little more entropy.

Privacy: nothing leaves your device

There is no account, no login, and no server call involved in generating a password here. The whole tool is HTML and JavaScript that runs locally, so the passwords exist only on your screen until you copy them. We never see them, and they aren't stored — refresh or close the tab and the current password is gone for good. The safest place to keep the passwords you create is a dedicated password manager, which remembers a unique one for every site so you only have to memorise a single strong master password.

Go deeper: read our full guide — What Actually Makes a Password Strong.

FAQ

Are these passwords safe to use?

Yes. Each password is generated locally in your browser with crypto.getRandomValues, a cryptographically secure random source, and is never sent to or stored on any server. The result is genuinely random, so it is safe for real accounts.

Are the generated passwords stored anywhere?

No. Nothing is uploaded, logged, or saved. The password only exists on your screen — once you refresh or close the page it is gone, so copy it before you leave and paste it where you need it.

How long should my password be?

Aim for at least 16 characters for everyday logins, and longer for email, banking, or a password-manager master password. Length adds strength faster than any single symbol, which is why the slider goes up to 48.

What does the entropy number mean?

Entropy, shown in bits, estimates how many guesses an attacker would need on average. Every extra bit doubles that effort. Under 36 bits is weak, 60+ is strong, and 90+ is very strong. Add length or more character types to raise it.

Should I turn on "exclude similar characters"?

Switch it on if you will type or read the password by hand, since it removes look-alikes like l, 1, I, O and 0. Leave it off for copy-and-paste use so the full character set is available and the password keeps slightly more entropy.

Can I trust a password I did not create myself?

A randomly generated password is far harder to guess than one you invent, because people unconsciously fall back on names, dates, and keyboard patterns. Pair it with a password manager so you never have to memorise it, and reuse it nowhere else.

More tools