Free secure password generator. Create strong random passwords in your browser with the Web Crypto API — pick length, digits and symbols. No password is sent to a server or stored.
Passwords are generated in your browser with the Web Crypto API. Nothing is uploaded and no password is stored.
Entropy is an estimate of strength against brute-force guessing — not a guarantee of safety. It does not account for password reuse, phishing or leaked databases.
Set the password length (16 or more is a good default) and turn on the character sets you need: uppercase, lowercase, digits and symbols. More sets and more length mean a stronger password.
Optionally exclude look-alike characters (0, O, 1, l, I) to make passwords easier to read and type, and set how many passwords to generate at once if you need a batch.
Click Generate. Each password is built locally in your browser and the estimated strength is shown. Copy the one you want — nothing is uploaded and no password is kept.
No. Every password is generated entirely in your browser and is never sent to any server, logged or saved. This is the key difference from many online generators, which technically could log the secrets they hand out. Close the tab and the password is gone — there is no registration and no tracking of what you generate.
No — Math.random is not cryptographically secure and must never be used for passwords. This tool uses the Web Crypto API (crypto.getRandomValues), the browser's cryptographically secure random source. Character selection also uses rejection sampling so there is no modulo bias — every character in the alphabet is equally likely.
Yes. When you select several character sets (for example uppercase, digits and symbols), the generator guarantees at least one character from each selected set, then fills the rest randomly and shuffles everything cryptographically. So a password 'with symbols' always actually contains a symbol.
Entropy in bits is an honest measure of how hard a random password is to brute-force: it equals length × log2(alphabet size). We label it weak (under 40 bits), fair, strong or very strong (80 bits or more). It is not a promise of absolute security — it does not account for reusing the password, phishing or a leaked database — only the strength of this random password against guessing.