Generate secure random passwords
A password generator produces high-entropy random strings unsuitable for a human to guess. True security depends on using a cryptographically secure random source (not Math.random) and guaranteeing the output actually covers the requested character classes. This tool does both, and includes a realistic strength meter that weights length and diversity together.
Yes. We use crypto.getRandomValues (backed by the OS CSPRNG) with rejection sampling to avoid modulo bias. Many online generators silently use Math.random, which is predictable.
For online accounts with a password manager, 20+ random characters across mixed classes is overkill-secure. For memorized passwords, use a passphrase (4+ random words from a list of 2,000+).
No. Generation happens in your browser; nothing is sent over the network.
Each character class you include multiplies the keyspace. 16 lowercase letters ≈ 75 bits of entropy. 16 mixed alphanumeric+symbols ≈ 105 bits. The latter resists brute force for millennia.
Yes — when length ≥ class count, we guarantee at least one character from each selected pool and shuffle the result. No more 'include symbols' ticked but the password has none.
