Password Generator

How to Use the Password Generator

Set your desired password length using the slider. Choose anywhere from 8 to 128 characters. For most accounts, 16 characters is a strong starting point.
Select character types by checking or unchecking uppercase (A-Z), lowercase (a-z), numbers (0-9), and symbols (!@#$). Including all four types creates the strongest passwords.
Click Generate to create a random password. The strength meter will show you how secure it is. Use the Copy button to copy the password to your clipboard.

How It Works

This password generator uses the Web Crypto API's crypto.getRandomValues() function, which is a cryptographically secure random number generator (CSPRNG). Unlike Math.random(), this API uses entropy from your operating system to produce numbers that are practically impossible to predict.

When you click Generate, the tool builds a character pool from your selected options (uppercase, lowercase, numbers, symbols). It then generates random indices into that pool for each character position. The result is a truly random string that has no pattern or meaning.

The strength meter evaluates your password by checking length thresholds (8, 12, 16, 24 characters) and character variety. A password with 16+ characters using all four types scores "Excellent" and would take billions of years to crack with current computing power.

Common Use Cases

New account creation - Generate a unique, strong password every time you sign up for a new service
Password rotation - Replace old, weak passwords with strong random ones as part of good security hygiene
Wi-Fi passwords - Create strong passwords for your home or office wireless network
Encryption keys - Generate random strings for encrypting files, databases, or API keys

Password Security Tips

Use a password manager to store unique passwords for every account. You only need to remember one master password.
Never reuse passwords across sites. If one site is breached, all accounts with that password become vulnerable.
Length beats complexity - a 20-character lowercase password is harder to crack than an 8-character password with symbols.
Enable two-factor authentication (2FA) wherever possible for an extra layer of security beyond your password.

Password Strength Guide — Time to Crack

Password Length	Lowercase Only	+ Uppercase	+ Numbers	+ Symbols (All Types)
6 characters	Seconds	Minutes	Minutes	Hours
8 characters	Hours	Days	Weeks	Months
10 characters	Weeks	Months	Years	Decades
12 characters	Years	Decades	Centuries	Millennia
16 characters	Centuries	Millennia	Millions of years	Billions of years
20 characters	Millions of years	Billions of years	Trillions of years	Trillions of years
24+ characters	Billions of years	Trillions of years	Virtually uncrackable	Virtually uncrackable

Estimates assume 10 billion guesses/second (modern GPU cluster). Actual times vary by algorithm and attacker resources.

Character Set Sizes

Character Set	Characters	Pool Size	Example
Lowercase only	a–z	26	abcdefghijkmnopqrstuvwxyz
+ Uppercase	a–z, A–Z	52	abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+ Numbers	a–z, A–Z, 0–9	62	abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
+ Symbols	All printable	95	abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}\|;:,.<>?

More characters in the pool = exponentially harder to crack. A 12-char password with 95 symbols has 95¹² = 540 quadrillion combinations.

Common Password Mistakes

Weak Pattern	Why It’s Bad	Strong Alternative
Password123	Top of every cracking dictionary	kP7$mN2vXq9!wR4
Using personal info (birthdate, pet name)	Easily guessed from social media	Randomly generated by this tool
Reusing the same password everywhere	One breach compromises all accounts	Unique password per site + password manager
Short passwords (< 8 chars)	Cracked in seconds to minutes	Minimum 12–16 characters
Common substitutions (p@ssw0rd)	Cracking tools know all letter-number swaps	Truly random character sequences
Keyboard patterns (qwerty, 123456)	First attempts in any brute-force attack	No recognizable patterns
Single dictionary word	Dictionary attacks try all common words	Random chars or 4+ random words (passphrase)
Writing passwords on sticky notes	Physical security risk	Encrypted password manager (Bitwarden, 1Password)

Frequently Asked Questions

How strong should a password be?

A strong password should be at least 12-16 characters long and include a mix of uppercase letters, lowercase letters, numbers, and symbols. NIST recommends using long passphrases of 15+ characters. This generator defaults to 16 characters with all character types enabled.

Is the password generator secure?

Yes. This tool uses the browser's crypto.getRandomValues() API, which is a cryptographically secure random number generator. Passwords are generated entirely in your browser and are never sent to or stored on any server.

How is password strength calculated?

The strength meter scores your password based on length (8+, 12+, 16+, 24+ characters) and character variety (uppercase, lowercase, numbers, symbols). More length and variety means a higher score from "Very Weak" to "Excellent".

Should I use the same password for multiple accounts?

No. You should use a unique password for every account. If one account is compromised, unique passwords prevent attackers from accessing your other accounts. Consider using a password manager to store all your generated passwords securely.

What makes a password hard to crack?

Length is the most important factor. A 16-character password with mixed characters would take centuries to brute-force. Avoid dictionary words, personal information, and common patterns like "Password123". Random passwords generated by this tool are ideal.

Generate Multiple

How to Use the Password Generator

How It Works

Common Use Cases

Password Security Tips

Password Strength Guide — Time to Crack

Character Set Sizes

Common Password Mistakes

Frequently Asked Questions

More Free Tools

Text Tools

Generators

Calculators